Export limit exceeded: 19010 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19010 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1644 | 1 Savas Place | 1 Savas Link Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2278 | 1 Freelanceauction | 1 Freelance Auction Script | 2026-04-23 | N/A |
| SQL injection vulnerability in browseproject.php in Freelance Auction Script 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a pdetails action. | ||||
| CVE-2008-6068 | 2 Joomla, Web Design Hero | 2 Joomla, Joomladate | 2026-04-23 | N/A |
| SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php. | ||||
| CVE-2009-2781 | 1 Arabportal | 1 Arab Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666. | ||||
| CVE-2008-6986 | 1 Zen-cart | 1 Zen Cart | 2026-04-23 | N/A |
| SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985. | ||||
| CVE-2008-6985 | 1 Zen-cart | 1 Zen Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart. | ||||
| CVE-2008-2265 | 1 Emophp | 1 Emo Realty Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in news.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the ida parameter. | ||||
| CVE-2008-4703 | 1 Bosdev | 1 Bosnews | 2026-04-23 | N/A |
| SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows remote attackers to execute arbitrary SQL commands via the article parameter. | ||||
| CVE-2008-4078 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2026-04-23 | N/A |
| SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-6964 | 1 X7 Group | 1 X7 Chat | 2026-04-23 | N/A |
| SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field. | ||||
| CVE-2007-2000 | 1 Raphael Limbach | 1 Crea-book | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter. | ||||
| CVE-2008-4055 | 1 Texmedia | 1 Million Pixel Script | 2026-04-23 | N/A |
| SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter. | ||||
| CVE-2008-6923 | 1 Joomla | 2 Com Content, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. | ||||
| CVE-2008-1646 | 2 Arnos Toolbox, Wordpress | 2 Wp-download, Wp Download | 2026-04-23 | N/A |
| SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter. | ||||
| CVE-2008-6889 | 1 Activewebsoftwares | 1 Aspreferral | 2026-04-23 | N/A |
| SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter. | ||||
| CVE-2008-6917 | 1 Exoscripts | 1 Exophpdesk | 2026-04-23 | N/A |
| SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter). | ||||
| CVE-2007-1962 | 1 Xoops | 2 Wf-snippets, Xoops | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | ||||
| CVE-2007-1960 | 1 Xoops | 1 Rha7 Downloads Module | 2026-04-23 | N/A |
| SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter. | ||||
| CVE-2008-3223 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2026-04-23 | N/A |
| SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields." | ||||
| CVE-2009-3713 | 1 Morcego | 1 Morcegocms | 2026-04-23 | N/A |
| SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string. | ||||