Search Results (36995 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6389 1 Aliensoftcorp 1 Rae Media Contact Management 2026-04-23 N/A
SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-3273 1 Fusetalk 1 Fusetalk 2026-04-23 N/A
SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4335 1 Atomic Photo Album 1 Atomic Photo Album 2026-04-23 N/A
SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter.
CVE-2008-4332 1 Cannot 1 Php Infoboard 2026-04-23 N/A
SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php.
CVE-2008-6691 2 Diocese Of Portsmouth, Typo3 2 Pd Calendar Today, Typo3 2026-04-23 N/A
SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-2915 1 2fly 1 Gift Delivery System 2026-04-23 N/A
SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action.
CVE-2010-0342 1 Typo3 2 Job Reports, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-4093 1 Yourownbux 1 Yourownbux 2026-04-23 N/A
SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter.
CVE-2009-3150 1 Multi-website 1 Multi Website 2026-04-23 N/A
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.
CVE-2008-4091 1 Source Workshop 1 Web Directory Script 2026-04-23 N/A
SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.
CVE-2008-4185 1 Webcms 1 Webcms Portal Edition 2026-04-23 N/A
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213.
CVE-2008-1350 1 Fully Modded Phpbb 1 Fully Modded Phpbb 2026-04-23 N/A
SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action.
CVE-2008-6241 1 China-on-site 1 Flexphpsite 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.
CVE-2008-4178 1 Downline Goldmine 2 Builder, New Addon 2026-04-23 N/A
SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-4176 1 Asp Indir 1 Fot Video Scripti 2026-04-23 N/A
SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter.
CVE-2009-0968 2 Fahlstad, Wordpress 2 Fmoblog Plugin, Wordpress 2026-04-23 N/A
SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-0965 1 Ismail Fahmi 1 Ganesha Digital Library 2026-04-23 N/A
SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php.
CVE-2008-4145 1 Addalink 1 Addalink 2026-04-23 N/A
SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2007-5122 1 Softbizscripts 1 Classifieds Plus Script 2026-04-23 N/A
SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1277 1 Gravityboardx 1 Gravity Board X 2026-04-23 N/A
SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2.