Export limit exceeded: 19302 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19302 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2428 | 1 Tauschregal.de | 1 Tausch Ticket Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors. | ||||
| CVE-2008-4043 | 1 Aj Square | 1 Aj Hyip | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php. | ||||
| CVE-2008-0650 | 1 Simple Os Cms | 1 Simple Os Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2890 | 1 Offl | 1 Online Fantasy Football League | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php. | ||||
| CVE-2008-6350 | 1 Turnkeyforms | 1 Local Classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to execute arbitrary SQL commands via the r parameter. | ||||
| CVE-2008-0219 | 1 Php Webquest | 1 Php Webquest | 2026-04-23 | N/A |
| SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920. | ||||
| CVE-2008-6783 | 1 Scripts-for-sites | 1 Ez Home Business Directory | 2026-04-23 | N/A |
| SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | ||||
| CVE-2008-2767 | 1 Xigla | 1 Absolute Poll Manager Xe | 2026-04-23 | N/A |
| SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2008-5864 | 2 Joomla, Joomlahbs | 3 Joomla, Com Tophotelmodule, Hotel Booking Reservation System | 2026-04-23 | N/A |
| SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php. | ||||
| CVE-2009-0726 | 3 Gigcalendar, Joomla, Mambo | 3 Com Gigcalendar, Joomla, Mambo | 2026-04-23 | N/A |
| SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. | ||||
| CVE-2009-1500 | 1 Projectcms | 1 Projectcms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter. | ||||
| CVE-2008-2754 | 1 Efiction | 1 Efiction | 2026-04-23 | N/A |
| SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter. | ||||
| CVE-2008-2843 | 1 Doitlive | 1 Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp. | ||||
| CVE-2007-6373 | 1 Gestdown | 1 Gestdown | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php. | ||||
| CVE-2008-1559 | 2 Bernard Gilly, Joomla | 2 Com Alphacontent, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | ||||
| CVE-2008-6525 | 1 Nicephpscripts | 1 Nice Php Faq Script | 2026-04-23 | N/A |
| SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script (Knowledge base Script) allows remote attackers to execute arbitrary SQL commands via the Password parameter (aka the pass field). | ||||
| CVE-2008-3711 | 1 Phparcadescript | 1 Phparcadescript | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action. | ||||
| CVE-2008-0611 | 2 Rmsoft, Xoops | 2 Gallery System, Xoops | 2026-04-23 | N/A |
| SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-6458 | 2 Dieter Mayer, Typo3 | 2 Fe Address Edit, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-6457 | 2 Typo3, Walnutstreet | 2 Typo3, Cgswigmore | 2026-04-23 | N/A |
| SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||