Search Results (37115 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6614 1 Impliedbydesign 1 Ibd Micro Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field).
CVE-2008-1650 1 Myiosoft 1 Easynews 2026-04-23 N/A
SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action.
CVE-2008-6648 1 Ktools 1 Photostore 2026-04-23 N/A
SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647.
CVE-2008-6405 1 Greatclone 1 Hotscripts Clone 2026-04-23 N/A
SQL injection vulnerability in showcategory.php in Hotscripts Clone allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-2336 1 68 Classifieds 1 68 Classifieds 2026-04-23 N/A
SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-6632 1 Mercuryboard 1 Mercuryboard 2026-04-23 N/A
SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT']).
CVE-2009-1818 1 Maxcms 1 Maxcms 2026-04-23 N/A
SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an m_username cookie in an add action.
CVE-2009-1816 1 Mygamescript 1 My Game Script 2026-04-23 N/A
SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information.
CVE-2006-6367 1 Duware 3 Dudownload, Dunews, Dupaypal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
CVE-2009-1814 1 Jevontech 1 Phpenpals 2026-04-23 N/A
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.
CVE-2009-1813 1 Submitterscript 1 Submitterscript 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field).
CVE-2008-6678 1 Quickersite 1 Quickersite 2026-04-23 N/A
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.
CVE-2008-2964 1 Researchguide 1 Researchguide 2026-04-23 N/A
SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6642 1 Dotcontent 1 Fluentcms 2026-04-23 N/A
SQL injection vulnerability in view.php in DotContent FluentCMS 4.x allows remote attackers to execute arbitrary SQL commands via the sid parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-2189 1 Anserv 1 Auction Xl 2026-04-23 N/A
SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2007-6517 1 Aeries 1 Aeries Browser Interface 2026-04-23 N/A
SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-0753 1 Vwar 1 Virtual War 2026-04-23 N/A
SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.
CVE-2008-1623 1 Lotus Web Studios Inc 1 Smoothflash 2026-04-23 N/A
SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-6781 1 Scripts-for-sites 1 Ez Gaming Directory 2026-04-23 N/A
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) Gaming Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
CVE-2009-0543 1 Proftpd 1 Proftpd 2026-04-23 N/A
ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.