Search Results (37027 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4338 1 Vacilanda 1 Brilliant Gallery 2026-04-23 N/A
SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters.
CVE-2008-4760 1 Graphiks 1 Myforum 2026-04-23 N/A
SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4494 1 Torrenttrader 1 Torrenttrader 2026-04-23 N/A
SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0597 1 W3b Cms 1 Aka W3blabor Cms 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.
CVE-2008-3377 1 Brandon Tallent 1 Phptest 2026-04-23 N/A
SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
CVE-2009-0598 1 Phpmesfilms 1 Phpmesfilms 2026-04-23 N/A
SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2671 1 Dcfm Blog 1 Dcfm Blog 2026-04-23 N/A
SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-7077 1 Relative 1 Sailplanner 2026-04-23 N/A
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
CVE-2009-0379 1 Joomla 2 Com Pcchess, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
CVE-2008-5589 1 Katywhitton 1 Rankem 2026-04-23 N/A
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVE-2009-0963 1 Xlinesoft 1 Phprunner 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.
CVE-2009-1945 1 Tzo 1 Webcal 2026-04-23 N/A
SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
CVE-2008-3406 1 Phplinkat 1 Phplinkat 2026-04-23 N/A
SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-2598 1 Onlinegrades 1 Online Grades 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
CVE-2008-5726 1 Stormboards Aaronnemisis 1 Stormboards 2026-04-23 N/A
SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4377 1 Creative Mind 1 Creator Cms 2026-04-23 N/A
SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter.
CVE-2008-6783 1 Scripts-for-sites 1 Ez Home Business Directory 2026-04-23 N/A
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
CVE-2009-0831 1 Php-fusion 2 Members Cv Module, Php-fusion 2026-04-23 N/A
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.
CVE-2009-1499 1 Joomla 2 Com Mailto, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.
CVE-2008-2339 1 Turnkeywebtools 1 Sunshop Shopping Cart 2026-04-23 N/A
SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549.