Search Results (37146 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4571 1 Phpshop 1 Phpshop 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681.
CVE-2008-2643 1 Joomla 1 Com Biblestudy 2026-04-23 N/A
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.
CVE-2009-4574 1 I-escorts 1 I-escorts Directory Script 2026-04-23 N/A
SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
CVE-2008-2652 1 Smeweb 1 Smeweb 2026-04-23 N/A
Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.
CVE-2009-4582 1 Xoops 1 Xoops Dictionary 2026-04-23 N/A
SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2678 1 Telephone 1 Telephone Directory 2008 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to view_more.php.
CVE-2008-2692 1 Joomla 1 Com Yvcomment 2026-04-23 N/A
SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.
CVE-2009-4595 1 Phpwares 1 Php Inventory 2026-04-23 N/A
SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2697 2 Joomla, Rapid-source 2 Com Rapidrecipe, Rapid Recipe 2026-04-23 N/A
SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php.
CVE-2009-4624 1 Nicecoder 1 Idesk 2026-04-23 N/A
SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843.
CVE-2009-4625 2 Joomla, Tamlyncreative 2 Joomla\!, Com Bfsurvey Profree 2026-04-23 N/A
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php.
CVE-2008-2746 1 Gryphon 1 Gllcts2 2026-04-23 N/A
SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the detail parameter.
CVE-2008-2754 1 Efiction 1 Efiction 2026-04-23 N/A
SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter.
CVE-2008-2757 1 Xigla 1 Absolute News Manager Xe 2026-04-23 N/A
SQL injection vulnerability in search.asp in Xigla Absolute News Manager XE 3.2 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
CVE-2008-2765 1 Xigla 1 Absolute Image Gallery Xe 2026-04-23 N/A
SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.
CVE-2008-2774 1 Cartkeeper 1 Ckgold Shopping Cart 2026-04-23 N/A
SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736.
CVE-2008-4884 1 Yourfreeworld 1 Classifieds Hosting Script 2026-04-23 N/A
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2790 1 Mountaingrafix 1 Easytrade 2026-04-23 N/A
SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5488 1 E-topbiz 1 Domain Shop 2026-04-23 N/A
SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter.
CVE-2008-2529 1 Advanced Links Management 1 Advanced Links Management 2026-04-23 N/A
SQL injection vulnerability in read.php in Advanced Links Management (ALM) 1.5.2 allows remote attackers to execute arbitrary SQL commands via the catId parameter.