Export limit exceeded: 19010 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19010 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1505 | 1 Drupal | 2 Drupal, News Page | 2026-04-23 | N/A |
| SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field. | ||||
| CVE-2009-3715 | 1 Maniacomputer | 1 Mcshoutbox | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | ||||
| CVE-2008-0802 | 2 Joomla, Mediaslide | 2 Com Mediaslide, Com Mediaslide | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action. | ||||
| CVE-2008-0507 | 1 Wordpress | 1 Adserve | 2026-04-23 | N/A |
| SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-3131 | 1 Powie | 1 Psys | 2026-04-23 | N/A |
| SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter. | ||||
| CVE-2008-3154 | 1 Webblizzard | 1 Content Management System | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||
| CVE-2008-0881 | 1 Phpnuke | 1 Okul Module | 2026-04-23 | N/A |
| SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action. | ||||
| CVE-2009-4401 | 2 Fr.simon Rundell, Typo3 | 2 Ste Parish Admin, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4424 | 2 Imotta, Wordpress | 2 Pyrmont Plugin, Wordpress | 2026-04-23 | N/A |
| SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-5273 | 1 Toddwoolums | 1 Todd Woolums Asp News Management | 2026-04-23 | N/A |
| SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter. | ||||
| CVE-2008-0787 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php. | ||||
| CVE-2009-4437 | 1 Activewebsoftwares | 1 Active Auction House | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1. | ||||
| CVE-2009-4456 | 1 Greendesktiny | 1 Green Desktiny | 2026-04-23 | N/A |
| SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-6117 | 1 Pilotgroup | 1 Pg Job Site Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action. | ||||
| CVE-2008-6124 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2026-04-23 | N/A |
| SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt. | ||||
| CVE-2008-0916 | 1 Highwood Design | 1 Hwdvideoshare | 2026-04-23 | N/A |
| SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php. | ||||
| CVE-2007-0527 | 1 Website Baker | 1 Website Baker | 2026-04-23 | N/A |
| SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-5766 | 1 Oracle | 1 E-business Suite | 2026-04-23 | N/A |
| SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure. | ||||
| CVE-2008-6142 | 1 China-on-site | 1 Flexphpic | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. | ||||
| CVE-2008-0943 | 1 Aeries | 1 Aeries Student Information System | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp. | ||||