Total
12395 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6498 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp. | |||||
CVE-2007-5220 | 1 Asp Product Catalog | 1 Asp Product Catalog | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters. | |||||
CVE-2007-4966 | 1 Gforge | 1 Gforge | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter. | |||||
CVE-2008-0137 | 1 Snetworks | 1 Php Classifieds | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter. | |||||
CVE-2008-0734 | 1 Limbo Cms | 1 Limbo Cms | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php. | |||||
CVE-2008-0675 | 1 The Everything Development Company | 1 The Everything Development Engine | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in cms/index.pl in The Everything Development Engine in The Everything Development System Pre-1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the node_id parameter. | |||||
CVE-2007-6671 | 1 Instantsoftwares | 1 Dating Site | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-5629 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier. | |||||
CVE-2008-0301 | 1 Mapbender | 1 Mapbender | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors. | |||||
CVE-2007-5150 | 1 Nukescripts | 1 Nukesentinel | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125. | |||||
CVE-2007-5704 | 1 Codewidgets | 1 Online Event Registration Template | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote attackers to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp. | |||||
CVE-2008-1308 | 2 Phpnuke, Sudirman Angriawan | 2 Php-nuke, Nukec30 | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php. | |||||
CVE-2008-0286 | 1 Article Dashboard | 1 Article Dashboard | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields. | |||||
CVE-2007-6670 | 1 Phpcredo | 1 Phcdownload | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter. | |||||
CVE-2007-6004 | 1 Toko | 1 Instan | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action. | |||||
CVE-2007-5402 | 1 Layton Technology | 1 Helpbox | 2024-02-28 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute arbitrary SQL commands via the sys_request_id parameter to editrequestenduser.asp; and allow remote authenticated users to execute arbitrary SQL commands via (2) the oldpassword parameter to writepwdenduser.asp, and the sys_request_id parameter to (3) changerequeststatus.asp, (4) editrequestuser.asp, (5) requestcommentsuser.asp, and (6) useractions.asp, different vectors than CVE-2004-2551. | |||||
CVE-2008-0603 | 3 Amazoop, Joomla, Mambo | 3 Awesom, Com Awesom, Com Awesom | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task. | |||||
CVE-2007-0984 | 1 Aspcode.net | 1 Pollmentor | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp. | |||||
CVE-2007-5181 | 1 Netkamp | 1 Netkamp Emlak Scripti | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter. | |||||
CVE-2007-6466 | 1 Freewebshop | 1 Freewebshop | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected. |