Total: 12892 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0507 | 1 Wordpress | 1 Adserve | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-1154 | 1 Webspell | 1 Webspell | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | |||||
CVE-2007-4611 | 1 Dale Mooney | 1 Calendar Events | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-4835 | 1 Phpmyquote | 1 Phpmyquote | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. | |||||
CVE-2007-6664 | 1 Webportal | 1 Webportal Cms | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. | |||||
CVE-2008-0449 | 1 Rocksalt International | 1 Vp Asp | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-0772 | 1 Hitachi | 1 Business Logic | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function. | |||||
CVE-2006-4734 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters. | |||||
CVE-2005-3646 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php. | |||||
CVE-2006-1962 | 1 Pcpin | 1 Pcpin Chat | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php. | |||||
CVE-2005-4027 | 1 Simplemedia | 1 Simplebbs | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. | |||||
CVE-2005-3543 | 1 Phorum | 1 Phorum | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter. | |||||
CVE-2005-3881 | 1 Altantisfaq | 1 Altantis Knowledge Base Software | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter. | |||||
CVE-2006-0959 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected. | |||||
CVE-2006-1676 | 1 Maxdev | 1 Md-pro | 2024-02-28 | 6.4 MEDIUM | N/A |
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PNuserapi.PHP. | |||||
CVE-2006-1871 | 1 Oracle | 1 Database Server | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06. | |||||
CVE-2006-2416 | 1 E107 | 1 E107 | 2024-02-28 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. | |||||
CVE-2006-2268 | 1 Flexcustomer | 1 Flexcustomer | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected. | |||||
CVE-2006-4564 | 1 Simplemachines | 1 Smf | 2024-02-28 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. | |||||
CVE-2006-0146 | 6 John Lim, Mantis, Mediabeez and 3 more | 6 Adodb, Mantis, Mediabeez and 3 more | 2024-02-28 | 7.5 HIGH | N/A |
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter. |