Search Results (37044 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3209 1 Raizlabs 1 Php Email Manager 2026-04-23 N/A
SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-3205 1 Cbauthority 1 Cbauthority 2026-04-23 N/A
SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action.
CVE-2009-3193 2 Joomla, Uwix 2 Joomla, Com Digifolio 2026-04-23 N/A
SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.
CVE-2009-3175 1 Boldfx 1 Model Agency Manager Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php.
CVE-2007-3563 1 Avscripts 1 Av Arcade 2026-04-23 N/A
SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php.
CVE-2009-3154 2 Almondsoft, Joomla 2 Com Aclassf, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.
CVE-2008-0651 1 Pedro Santana Codice 1 Cms 2026-04-23 N/A
SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0650 1 Simple Os Cms 1 Simple Os Cms 2026-04-23 N/A
SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4879 1 Maran 1 Php Shop 2026-04-23 N/A
SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880.
CVE-2008-4885 1 Yourfreeworld 1 Scrolling Text Ads Script 2026-04-23 N/A
SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2926 1 Phpcompet.free 1 Php Competition System 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php.
CVE-2008-4900 1 Yourfreeworld 1 Classifieds Blaster Script 2026-04-23 N/A
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4901 1 Scripts Frenzy 1 Article Publisher Pro 2026-04-23 N/A
SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-4904 1 Typosphere 1 Typo 2026-04-23 N/A
SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter.
CVE-2008-4912 1 Rs Maxsoft 2 Fotogalerie, Rs Maxsoft 2026-04-23 N/A
SQL injection vulnerability in popup_img.php in the fotogalerie module in RS MAXSOFT allows remote attackers to execute arbitrary SQL commands via the fotoID parameter. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
CVE-2009-2639 1 Mrcgiguy 1 The Ticket System 2026-04-23 N/A
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.
CVE-2009-2619 1 Datachecknh 1 V-spacepal 2026-04-23 N/A
SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2427 1 Jobbr 1 Jobbr 2026-04-23 N/A
SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows remote attackers to execute arbitrary SQL commands via the emp_id parameter.
CVE-2008-1889 1 Xplodphp 1 Autotutorials 2026-04-23 N/A
SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials 2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1872 1 Comdev 1 Comdev News Publisher 2026-04-23 N/A
SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information.