Export limit exceeded: 16417 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19303 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2697 | 2 Joomla, Rapid-source | 2 Com Rapidrecipe, Rapid Recipe | 2026-04-23 | N/A |
| SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php. | ||||
| CVE-2008-5197 | 1 Php-fusion | 1 Php-fusion | 2026-04-23 | N/A |
| SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action. | ||||
| CVE-2008-5926 | 1 Asp-dev | 1 Internal E-mail System | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-2754 | 1 Efiction | 1 Efiction | 2026-04-23 | N/A |
| SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter. | ||||
| CVE-2009-0738 | 1 Frankmancuso | 1 Auth Php | 2026-04-23 | N/A |
| SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | ||||
| CVE-2008-2029 | 1 Minibb | 1 Minibb | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php. | ||||
| CVE-2008-2065 | 1 Yourfreeworld | 1 Jokes Site Script | 2026-04-23 | N/A |
| SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter. | ||||
| CVE-2008-3586 | 1 Joomla | 1 Com Ezstore | 2026-04-23 | N/A |
| SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | ||||
| CVE-2009-1947 | 1 Newsboard | 1 Unclassified Newsboard | 2026-04-23 | N/A |
| SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686. | ||||
| CVE-2008-6892 | 1 Peel | 1 Peel | 2026-04-23 | N/A |
| SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572. | ||||
| CVE-2008-4143 | 1 Razorecommerce | 1 Shopping Cart | 2026-04-23 | N/A |
| SQL injection vulnerability in category_search.php in RazorCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-5633 | 1 Activewebsoftwares | 1 Activevotes | 2026-04-23 | N/A |
| SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-2685 | 1 Battleblog | 1 Battleblog | 2026-04-23 | N/A |
| SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626. | ||||
| CVE-2008-3412 | 1 Ecshop | 1 Epshop | 2026-04-23 | N/A |
| SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI. | ||||
| CVE-2008-1065 | 1 Xoops | 1 Xm Memberstats | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-5806 | 1 Deltascripts | 1 Php Classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-3591 | 1 21degrees | 1 Symphony | 2026-04-23 | N/A |
| SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php. | ||||
| CVE-2008-2339 | 1 Turnkeywebtools | 1 Sunshop Shopping Cart | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549. | ||||
| CVE-2008-4241 | 1 Cj | 1 Ultra Plus | 2026-04-23 | N/A |
| SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie. | ||||
| CVE-2008-1163 | 1 Phparcadescript | 1 Phparcadescript | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action. | ||||