Search Results (37153 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5997 1 Softbizscripts 1 Banner Exchange Network Script 2026-04-23 N/A
SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2007-5999 1 Softbizscripts 1 Softbiz Auctions Script 2026-04-23 N/A
SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1715 1 Auracms 1 Auracms 2026-04-23 N/A
SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.
CVE-2008-0835 1 Simple Cms 1 Simple Cms 2026-04-23 N/A
SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter.
CVE-2008-1559 2 Bernard Gilly, Joomla 2 Com Alphacontent, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2008-1551 1 Runcms 2 Photo Module, Runcms 2026-04-23 N/A
SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-6138 1 Vu 1 Mass Mailer 2026-04-23 N/A
SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information.
CVE-2008-0856 1 E-vision 1 E-vision Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6159 1 Tilde 1 Tilde Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.
CVE-2008-4777 2 Joomla, Mambo 3 Com Lms, Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
CVE-2007-6168 1 Vu 1 Case Manager 2026-04-23 N/A
SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6941 1 Turnkeyforms 1 Web Hosting Directory 2026-04-23 N/A
SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.
CVE-2009-0825 1 Torben Sorensen 1 Tinx\/cms 2026-04-23 N/A
SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1487 1 Rens Rikkerink 1 Fungamez 2026-04-23 N/A
SQL injection vulnerability in pages/login.php in FunGamez RC1 allows remote attackers to execute arbitrary SQL commands via the login_user (aka username) parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-2004 1 Dokeos 1 Dokeos 2026-04-23 N/A
Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902.
CVE-2008-1351 1 Xoops 1 Tutoriais Module 2026-04-23 N/A
SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php.
CVE-2008-1349 1 Exv2 2 Bamagalerie, Exv2 2026-04-23 N/A
SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-1341 1 Lagarde 1 Storefront 2026-04-23 N/A
SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0490 1 Wordpress 1 Wp Cal Plugin 2026-04-23 N/A
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6288 1 Tecnick.com 1 Tcexam 2026-04-23 N/A
Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.