Search Results (37097 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2365 1 Datachecknh 1 Gallerypal Fe 2026-04-23 N/A
SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2909 1 Clever Copy 1 Clever Copy 2026-04-23 N/A
SQL injection vulnerability in results.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the searchtype parameter.
CVE-2008-2902 1 Alstrasoft 1 Askme Pro 2026-04-23 N/A
SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085.
CVE-2008-2194 1 Deluxebb 1 Deluxebb 2026-04-23 N/A
SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.
CVE-2008-2191 1 Postnuke Software Foundation 1 Pnencyclopedia 2026-04-23 N/A
SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php.
CVE-2008-2177 1 Php Directory Source 1 Phpdirectorysource 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php.
CVE-2009-2254 1 Zen-cart 1 Zen Cart 2026-04-23 N/A
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue.
CVE-2009-2152 1 Isabela Gasparini 1 Adaptweb 2026-04-23 N/A
SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action.
CVE-2008-1934 1 Crazy Goomba 1 Crazy Goomba 2026-04-23 N/A
SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2144 3 Edgewall, Firestats, Wordpress 3 Firestats, Firestats, Wordpress 2026-04-23 N/A
SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2142 1 Zipstore 1 Zip Store Chat 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters.
CVE-2008-1921 1 5th Avenue Software 1 5th Avenue Shopping Cart 2026-04-23 N/A
SQL injection vulnerability in store_pages/category_list.php in 5th Avenue Shopping Cart 1.2 trial edition allows remote attackers to execute arbitrary SQL commands via the category_ID parameter.
CVE-2008-1918 1 Php-fusion 1 Php-fusion 2026-04-23 N/A
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected.
CVE-2009-2123 1 Elvinbts 1 Elvinbts 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2.
CVE-2008-1911 1 1024 Cms 1 1024 Cms 2026-04-23 N/A
SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie.
CVE-2009-2122 2 Paolo Palmonari, Wordpress 2 Photoracer Plugin For Wordpress, Wordpress 2026-04-23 N/A
SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1907 1 Cpcommerce 1 Cpcommerce 2026-04-23 N/A
Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and CVE-2007-2890.
CVE-2008-1646 2 Arnos Toolbox, Wordpress 2 Wp-download, Wp Download 2026-04-23 N/A
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
CVE-2008-1640 1 Jgs-xa 1 Jgs Treffen 2026-04-23 N/A
SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action.
CVE-2008-1639 1 Neat Web 1 Neat-web 2026-04-23 N/A
SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php.