Search Results (19643 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4027 1 Simplemedia 1 Simplebbs 2026-04-16 N/A
SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters.
CVE-2003-1533 1 Phppass 1 Phppass 2026-04-16 N/A
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.
CVE-2006-3048 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2005-4058 1 Saralblog 1 Saralblog 2026-04-16 N/A
SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php.
CVE-2006-0959 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected.
CVE-2006-1978 1 Flexbb 1 Flexbb 2026-04-16 N/A
SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_username COOKIE parameter.
CVE-2005-1500 1 Mywebland 1 Mybloggie 2026-04-16 N/A
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
CVE-2005-4349 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 6.3 Medium
SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450
CVE-2005-4711 1 Neocrome 1 Land Down Under 2026-04-16 N/A
SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2004-2751 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
CVE-2004-2754 1 Yabb 1 Yabb Se 2026-04-16 N/A
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
CVE-2006-4756 1 Accomplishtechnology 1 Phpmydirectory 2026-04-16 N/A
SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2003-1340 1 Phpnuke 1 Php-nuke 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
CVE-2005-3325 2 Acid, Secureideas 2 Analysis Console For Intrusion Databases, Basic Analysis And Security Engine 2026-04-16 N/A
Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters.
CVE-2006-0074 1 Jevontech 1 Phpenpals 2026-04-16 N/A
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected.
CVE-2006-0240 1 8pixel.net 1 Simple Blog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts.
CVE-2006-0249 1 Bitdamaged 1 Geoblog 2026-04-16 N/A
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable).
CVE-2006-1018 1 Dci-designs 1 Dawaween 2026-04-16 N/A
SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action.
CVE-2006-1751 1 Michiel Van Baak 1 Mvblog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2006-3139 1 Vwar 1 Virtual War 2026-04-16 N/A
Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.