Total
12396 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0733 | 1 Cs Team | 1 Counter Strike Portal | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page. | |||||
CVE-2007-6083 | 1 Icebb | 1 Icebb | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | |||||
CVE-2007-2673 | 1 Censura | 1 Censura | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php. | |||||
CVE-2006-7170 | 1 Koan Software | 1 Mega Mall | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php. | |||||
CVE-2007-0350 | 1 Sme | 1 Filemailer | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346. | |||||
CVE-2006-7025 | 1 Sangwan Kim | 1 Bookmark4u | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter. | |||||
CVE-2007-6556 | 1 Websihirbazi | 1 Websihirbazi | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp. | |||||
CVE-2008-0133 | 1 Thomas Perez | 1 Tribisur | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action. | |||||
CVE-2008-0817 | 2 Joomla, Mambo | 2 Com Filebase Component, Com Filebase Component | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action. | |||||
CVE-2008-0371 | 1 Alilg | 1 Alitalk | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0737 | 1 Shoppingtree | 1 Candypress Store | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter. | |||||
CVE-2007-6171 | 1 Digium | 1 Asterisk | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
CVE-2007-0527 | 1 Website Baker | 1 Website Baker | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0461 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0147 | 1 Smallnuke | 1 Smallnuke | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action. | |||||
CVE-2007-6665 | 1 Netchemia | 1 Oneschool | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter. | |||||
CVE-2008-0267 | 1 Eticket | 1 Eticket | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php. | |||||
CVE-2007-6518 | 1 Woltlab | 1 Burning Board Lite | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters. | |||||
CVE-2007-5976 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. | |||||
CVE-2007-4863 | 1 Quirm | 1 Saxon | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter. |