Search Results (37177 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4169 1 Iscripts 1 Easyindex 2026-04-23 N/A
SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter.
CVE-2008-7038 2 Maxdev, Phpnuke 2 My Egallery, Php-nuke 2026-04-23 N/A
SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
CVE-2009-0295 1 Itlpoll 1 Itpoll 2026-04-23 N/A
SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-7075 1 Kalptaru Infotech 1 Stararticles 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4) article.publisher.php, or (5) article.download.php; and (6) the PATH_INFO to article.download.php. NOTE: some of these details are obtained from third party information.
CVE-2009-3501 1 Bpowerhouse 1 Bpstudents 2026-04-23 N/A
SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action.
CVE-2008-6789 1 Minddezign 1 Photo Gallery 2026-04-23 N/A
SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788.
CVE-2008-2856 1 Ownrs 1 Ownrs 2026-04-23 N/A
SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3332 2 Joomla, Sopinet 2 Joomla, Com Jbudgetsmagic 2026-04-23 N/A
SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.
CVE-2008-5633 1 Activewebsoftwares 1 Activevotes 2026-04-23 N/A
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-0857 1 Woltlab 1 Burning Board 2026-04-23 N/A
SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page.
CVE-2008-2860 1 Aj Square 1 Aj Auction 2026-04-23 N/A
SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
CVE-2008-0849 2 Joomla, Mambo 2 Com Downloads, Com Downloads 2026-04-23 N/A
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652.
CVE-2008-0846 2 Joomla, Mambo 2 Com Profile, Com Profile 2026-04-23 N/A
SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.
CVE-2008-0845 1 Wordpress 1 Dean Logan Wp-people Plugin 2026-04-23 N/A
SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.
CVE-2008-0841 2 Joomla, Mambo 2 Com Ricette Component, Com Ricette Component 2026-04-23 N/A
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2381 1 Gforge 1 Gforge 2026-04-23 N/A
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.
CVE-2008-3297 1 Social Engine 1 Social Engine 2026-04-23 N/A
Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.
CVE-2007-5189 1 X-script 1 Guestbook 2026-04-23 N/A
Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters.
CVE-2009-4166 2 Michal Hadr, Typo3 2 Mchtrips, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6142 1 China-on-site 1 Flexphpic 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.