Search Results (19350 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6968 1 Pligg 1 Pligg Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.
CVE-2008-7040 2 Wordpress, Yellowswordfish 2 Wordpress, Simple Forum 2026-04-23 N/A
SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
CVE-2008-2263 1 Cmsnx 1 Automated Link Exchange Portal 2026-04-23 N/A
SQL injection vulnerability in linking.page.php in Automated Link Exchange Portal allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: linking.page.php is commonly renamed to link.php, links.php, etc.
CVE-2008-7145 1 Coronamatrix 1 Phpaddressbook 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters.
CVE-2008-7169 2 Jabode, Joomla 2 Com Jabode, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.
CVE-2009-0373 2 Elearningforce, Joomla 2 Flash Magazine Deluxe, Joomla 2026-04-23 N/A
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
CVE-2009-0377 1 Joomla 2 Com Beamospetition, Joomla 2026-04-23 N/A
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
CVE-2009-0380 3 Joomla, Mambo-foundation, Sigsiu.net 3 Joomla, Mambo, Sobi2 2026-04-23 N/A
SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2
CVE-2009-0381 2 Bazaarbuilder, Joomla 2 Ecommerce Shopping Cart, Joomla 2026-04-23 N/A
SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php.
CVE-2009-0384 1 Adam Tomecek 1 Ownrs 2026-04-23 N/A
SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0394 1 Ple Cms 1 Ple Cms 2026-04-23 N/A
SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter.
CVE-2007-4837 1 Proxy Anket 1 Proxy Anket 2026-04-23 N/A
SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0400 1 Socialengine 1 Socialengine 2026-04-23 N/A
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2009-0401 1 Ephpscripts 1 E-php Cms 2026-04-23 N/A
SQL injection vulnerability in browsecats.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-0402 1 Gplhost 1 Domain Technologie Control 2026-04-23 N/A
SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.
CVE-2009-0405 1 Smartsitecms 1 Smartsitecms 2026-04-23 N/A
SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter.
CVE-2009-0406 1 Community Cms 1 Community Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0407 1 Humayun Shabbir 1 Php-cms Project 2026-04-23 N/A
SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-0409 1 Mzbservices 1 Max.blog 2026-04-23 N/A
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-0421 1 Joomla 2 Com Eventing, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.