Search Results (37134 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4719 1 212cafe 1 212cafeboard 2026-04-23 N/A
SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-2230 1 Broadcom 1 Cleverpath Portal 2026-04-23 N/A
SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors.
CVE-2007-4736 1 Cartkeeper 1 Ckgold Shopping Cart 2026-04-23 N/A
SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2008-2498 1 Mambo-foundation 1 Mambo 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-0768 1 Yapbb 1 Yapbb 2026-04-23 N/A
SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action.
CVE-2007-4835 1 Phpmyquote 1 Phpmyquote 2026-04-23 N/A
SQL injection vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.
CVE-2007-4837 1 Proxy Anket 1 Proxy Anket 2026-04-23 N/A
SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6880 1 Php-update 1 Php-update 2026-04-23 N/A
Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.
CVE-2007-4863 1 Quirm 1 Saxon 2026-04-23 N/A
SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter.
CVE-2009-0741 1 Craftsilicon 1 Banking\@home 2026-04-23 N/A
SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter.
CVE-2007-4952 1 Omnistar Interactive 1 Omnistar Article Manager 2026-04-23 N/A
SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917.
CVE-2007-4953 1 Simpcms 1 Simpcms 2026-04-23 N/A
SQL injection vulnerability in index.php in SimpCMS allows remote attackers to execute arbitrary SQL commands via the keyword parameter in a search site action.
CVE-2009-1404 1 Pastel 1 Pastelcms 2026-04-23 N/A
SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter.
CVE-2006-7116 1 Kubix 1 Kubix 2026-04-23 N/A
SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php.
CVE-2006-7118 1 Dmxready 1 Site Engine Manager 2026-04-23 N/A
SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2007-4966 1 Gforge 1 Gforge 2026-04-23 N/A
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.
CVE-2009-0574 1 Cafeengine 1 Easycafeengine 2026-04-23 N/A
SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604.
CVE-2008-0546 1 Shoppingtree 1 Candypress Store 2026-04-23 N/A
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp.
CVE-2008-0557 1 Mamboserver 1 Catalogshop 2026-04-23 N/A
SQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2008-3506 1 Polypager 1 Polypager 2026-04-23 N/A
SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to execute arbitrary SQL commands via the nr parameter to the default URI.