Search Results (37028 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5630 1 Bbsprocess 1 Bbportals 2026-04-23 N/A
SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS 1.5.10 through 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a tnews action.
CVE-2008-2501 1 Henning Stoverud 1 Phphotoalbum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
CVE-2009-0534 1 Flexcms 1 Flexcms 2026-04-23 N/A
SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter.
CVE-2008-2479 1 Badongo 1 Phpfix 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php.
CVE-2009-1657 1 B2evolution 2 B2evolution, Starrating Plugin 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-4895 1 Yourfreeworld 1 Downline Builder Script 2026-04-23 N/A
SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3447 1 Bugmall 1 Shopping Cart 2026-04-23 N/A
SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.
CVE-2009-1323 1 Webfileexplorer 1 Web File Explorer 2026-04-23 N/A
SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1919 1 Yourfreeworld 1 Apartment Search Script 2026-04-23 N/A
SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter.
CVE-2008-0653 1 Joomla 1 Com Ynews 2026-04-23 N/A
SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showYNews action.
CVE-2009-3205 1 Cbauthority 1 Cbauthority 2026-04-23 N/A
SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action.
CVE-2009-3209 1 Raizlabs 1 Php Email Manager 2026-04-23 N/A
SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2007-5974 1 Jportal 1 Jportal Web Portal 2026-04-23 N/A
SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
CVE-2008-2263 1 Cmsnx 1 Automated Link Exchange Portal 2026-04-23 N/A
SQL injection vulnerability in linking.page.php in Automated Link Exchange Portal allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: linking.page.php is commonly renamed to link.php, links.php, etc.
CVE-2009-3357 2 Joomla, Joomlahbs 2 Joomla, Com Hbssearch 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.
CVE-2009-3754 1 Kreotek 1 Phpbms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php.
CVE-2008-0652 2 Joomla, Mambo 2 Com Downloads, Com Downloads 2026-04-23 N/A
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
CVE-2009-2593 1 Censura 1 Censura 2026-04-23 N/A
SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action.
CVE-2008-4467 1 Vastal I-tech 1 Toner Cart 2026-04-23 N/A
SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5816 1 Ilias 1 Ilias 2026-04-23 N/A
SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter.