Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19010 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4743 | 1 Quidascript | 1 Faq Management Script | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2008-2114 | 1 Preprojects | 1 Pre Shopping Mall | 2026-04-23 | N/A |
| SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | ||||
| CVE-2009-3644 | 2 Joomla, Soundset | 2 Joomla\!, Com Soundset | 2026-04-23 | N/A |
| SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php. | ||||
| CVE-2007-6559 | 1 Logaholic | 1 Logaholic | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php. | ||||
| CVE-2008-3044 | 1 Typo3 | 1 News Calendar Extension | 2026-04-23 | N/A |
| SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-5595 | 1 Aspapps | 1 Asp Autodealer | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2008-0692 | 1 Itechscripts | 1 Itechbids | 2026-04-23 | N/A |
| SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | ||||
| CVE-2007-6565 | 1 Blakord | 1 Blakord Portal | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component. | ||||
| CVE-2007-6551 | 1 Mailmachinepro | 1 Mailmachine Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-6556 | 1 Websihirbazi | 1 Websihirbazi | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp. | ||||
| CVE-2008-1315 | 1 Php-nuke | 1 Zclassifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php. | ||||
| CVE-2008-4666 | 1 Deeserver | 1 Ultimate Webboard | 2026-04-23 | N/A |
| SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 allows remote attackers to execute arbitrary SQL commands via the Category parameter. | ||||
| CVE-2009-0707 | 1 Powerscripts | 1 Powerclan | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0738 | 1 Shoppingtree | 1 Candypress Store | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName parameter to (c) ajax/ajax_tableFields.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2254 | 1 Zen-cart | 1 Zen Cart | 2026-04-23 | N/A |
| Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue. | ||||
| CVE-2008-2184 | 1 Toocharger | 1 Smartblog | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) mois, (2) an, (3) jour, and (4) id parameters to index.php, and the (5) login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3054 | 1 Typo3 | 1 Branchenbuch Extension | 2026-04-23 | N/A |
| SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (mh_branchenbuch) extension 0.8.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-6544 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/. | ||||
| CVE-2008-6242 | 1 Scripts-for-sites | 1 Ez E-store | 2026-04-23 | N/A |
| SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter. | ||||
| CVE-2008-7085 | 1 Thehockeystop | 1 Hockeystats Online | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php. | ||||