Total: 12396 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0801 | 3 Joomla, Mambo-foundation, Paxxgallery | 3 Joomla!, Mambo, Com Paxxgallery | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter. | |||||
CVE-2006-7118 | 1 Dmxready | 1 Site Engine Manager | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||
CVE-2007-1026 | 1 Scriptdungeon | 1 Xlatunes | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0611 | 2 Rmsoft, Xoops | 2 Gallery System, Xoops | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-6375 | 1 Bitweaver | 1 Bitweaver | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in the Search box, but this is probably a forced SQL error or other separate primary issue. | |||||
CVE-2006-5606 | 1 Bytesfall Explorer | 1 Bytesfall Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors. | |||||
CVE-2007-6138 | 1 Vu | 1 Mass Mailer | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0739 | 1 Shoppingtree | 1 Candypress Store | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter. | |||||
CVE-2008-0857 | 1 Woltlab | 1 Burning Board | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page. | |||||
CVE-2007-1548 | 1 Webwizguide | 1 Web Wiz Forums | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into \'', as demonstrated via the name parameter to forum/pop_up_member_search.asp. | |||||
CVE-2008-0606 | 3 Joomla, Mambo, Phil Taylor | 3 Com Shambo2, Com Shambo2, Shambo2 | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter. | |||||
CVE-2007-0695 | 1 Free Lan Intra Internet Portal | 1 Free Lan Intra Internet Portal | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions. | |||||
CVE-2007-6566 | 1 Xzero Scripts | 1 Xzero Community Classifieds | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php. | |||||
CVE-2008-0262 | 1 Agares Media | 1 Phpautovideo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter. | |||||
CVE-2008-0219 | 1 Php Webquest | 1 Php Webquest | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920. | |||||
CVE-2008-1065 | 1 Xoops | 1 Xm Memberstats | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-6565 | 1 Blakord | 1 Blakord Portal | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component. | |||||
CVE-2006-6337 | 1 Aspindir | 1 Aspee Ziyaretci Defteri | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter. | |||||
CVE-2007-5973 | 1 Jportal | 1 Jportal Web Portal | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||||
CVE-2007-6137 | 1 P3mbo | 1 Content Injector | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information. |