Search Results (37020 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0110 1 Riotpix 1 Riotpix 2026-04-23 N/A
SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2009-0111 1 Goople Cms 1 Goople Cms 2026-04-23 N/A
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6330 1 Jaia Interactive 1 Mytopix 2026-04-23 N/A
SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the send parameter in a notes action.
CVE-2008-6076 2 Jlleblanc, Joomla 2 Com Dailymessage, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2008-4887 1 Netrisk 1 Netrisk 2026-04-23 N/A
SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) profile page (profile.php) or (2) game page (game.php). NOTE: some of these details are obtained from third party information.
CVE-2008-4889 1 Dev\!l\'s 1 Clanportal 2026-04-23 N/A
SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.
CVE-2008-6652 1 Insanevisions 1 Onecms 2026-04-23 N/A
SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter.
CVE-2007-5916 1 Phphelpdesk 1 Phphelpdesk 2026-04-23 N/A
SQL injection vulnerability in the login page in phphelpdesk 0.6.16 allows remote attackers to execute arbitrary SQL commands via unspecified parameters related to the "login procedures."
CVE-2007-3933 1 Quickestore 1 Quickestore 2026-04-23 N/A
SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053.
CVE-2008-4912 1 Rs Maxsoft 2 Fotogalerie, Rs Maxsoft 2026-04-23 N/A
SQL injection vulnerability in popup_img.php in the fotogalerie module in RS MAXSOFT allows remote attackers to execute arbitrary SQL commands via the fotoID parameter. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
CVE-2008-4883 1 Yourfreeworld 1 Blog Blaster Script 2026-04-23 N/A
SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4163 2 Tw Productfinder, Typo3 2 Tw Productfinder, Typo3 2026-04-23 N/A
SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-4904 1 Typosphere 1 Typo 2026-04-23 N/A
SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter.
CVE-2008-4743 1 Quidascript 1 Faq Management Script 2026-04-23 N/A
SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2008-4901 1 Scripts Frenzy 1 Article Publisher Pro 2026-04-23 N/A
SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-4881 1 Yourfreeworld 1 Reminder Service Script 2026-04-23 N/A
SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4900 1 Yourfreeworld 1 Classifieds Blaster Script 2026-04-23 N/A
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0407 1 Humayun Shabbir 1 Php-cms Project 2026-04-23 N/A
SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-5940 1 Modxcms 1 Modxcms 2026-04-23 N/A
SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-4753 1 Aj Square Inc 1 Rss Reader 2026-04-23 N/A
SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter.