Search Results (19542 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4356 1 Kasseler-cms 1 Kasseler Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module.
CVE-2008-4700 1 Liberiacms 1 Liberia Cms 2026-04-23 N/A
SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter.
CVE-2008-5775 1 Apertoblog 1 Apertoblog 2026-04-23 N/A
SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4202 1 Gonafish 1 Linkscaffepro 2026-04-23 N/A
SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 allows remote attackers to execute arbitrary SQL commands via the idd parameter in a deadlink action.
CVE-2008-5631 1 Activewebsoftwares 1 Active Ewebquiz 2026-04-23 N/A
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-4204 1 Softacid 1 Hotel Reservation System 2026-04-23 N/A
SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation System (HRS) allows remote attackers to execute arbitrary SQL commands via the city parameter.
CVE-2008-3291 1 Aprox 2 Aprox Cms Engine, Aproxengine 2026-04-23 N/A
SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0363 1 Clever Copy 1 Clever Copy 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php.
CVE-2008-4709 1 Pilot Group 1 Etraining 2026-04-23 N/A
SQL injection vulnerability in news_read.php in Pilot Group (PG) eTraining allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0574 1 Cafeengine 1 Easycafeengine 2026-04-23 N/A
SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604.
CVE-2009-4203 1 Arabportal 1 Arab Portal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/.
CVE-2008-5605 1 Aspapps 1 Aspportal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
CVE-2009-4475 2 Joomla, Joomlub 2 Joomla\!, Com Joomlub 2026-04-23 N/A
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php.
CVE-2008-4185 1 Webcms 1 Webcms Portal Edition 2026-04-23 N/A
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213.
CVE-2008-4352 1 Phpsmartcom 1 Phpsmartcom 2026-04-23 N/A
SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php.
CVE-2008-4142 1 Ephpscripts 1 E-php Cms 2026-04-23 N/A
SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
CVE-2009-3778 2 Adam Gerson, Drupal 2 Moodle Courselist, Drupal 2026-04-23 N/A
SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-4463 1 Vastal I-tech 1 Jobs Zone 2026-04-23 N/A
SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
CVE-2008-2444 1 Calogic 1 Calogic Calendars 2026-04-23 N/A
SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary SQL commands via the langsel parameter.
CVE-2007-6579 1 Ip Reg 1 Ip Reg 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors. NOTE: it was later reported that the vlanview.php and vlandel.php vectors are also in 0.4.