Total
12393 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-3539 | 1 Qt-cute | 2 Quicktalk Forum, Quickticket | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. NOTE: it was later reported that vector 5 also affects 1.4, 1.5, and 1.5.0.3. | |||||
CVE-2008-0385 | 1 Urulu | 1 Urulu | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO. | |||||
CVE-2008-0652 | 2 Joomla, Mambo | 2 Com Downloads, Com Downloads | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action. | |||||
CVE-2007-0520 | 1 Unique Ads | 1 Unique Ads | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter. | |||||
CVE-2007-5630 | 1 Bbsprocess | 1 Bbportals | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS 1.5.10 through 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a tnews action. | |||||
CVE-2008-0939 | 1 Wordpress | 1 Photo Album Plugin | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0232 | 1 Zero Cms | 1 Zero Cms | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php. | |||||
CVE-2007-6392 | 1 Dominion Web | 1 Dwdirectory | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI. | |||||
CVE-2008-0607 | 3 Joomla, Mambo, Sigsiu.net | 3 Com Sobi2, Com Sobi2, Sobi2 | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-5189 | 1 X-script | 1 Guestbook | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters. | |||||
CVE-2008-0881 | 1 Phpnuke | 1 Okul Module | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action. | |||||
CVE-2007-4491 | 1 Gurur Haber | 1 Gurur Haber | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-1295 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter. | |||||
CVE-2007-6035 | 1 Cacti | 1 Cacti | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. | |||||
CVE-2007-6472 | 1 Phpmyrealty | 1 Phpmyrealty | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-6639 | 1 Iptbb Team | 1 Iptbb | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewdir action. | |||||
CVE-2008-0690 | 1 Joomla | 1 Com Directory | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action. | |||||
CVE-2007-5177 | 2 Mambads, Mambo | 2 Mambads, Mambo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter. | |||||
CVE-2007-4207 | 1 Kerberosdev | 1 Gallery In A Box | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin_console/index.asp in Gallery In A Box allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: these fields might be associated with the txtUsername and txtPassword parameters. | |||||
CVE-2007-5991 | 1 Exo | 1 Exophpdesk | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action. |