Search Results (19542 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6378 1 Mxmania 1 Calendar Mx Professional 2026-04-23 N/A
SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2008-6210 1 Dream4 1 Koobi 2026-04-23 N/A
SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 allows remote attackers to execute arbitrary SQL commands via the img_id parameter in the gallerypic page.
CVE-2008-2673 1 Powie 1 Pnews 2026-04-23 N/A
SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
CVE-2008-0099 1 Myphp Forum 1 Myphp Forum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors.
CVE-2009-0494 2 Joomla, Mivaco 2 Joomla, Com Portfol 2026-04-23 N/A
SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php.
CVE-2008-4902 1 Scripts Frenzy 1 Article Publisher Pro 2026-04-23 N/A
SQL injection vulnerability in contact_author.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVE-2008-2479 1 Badongo 1 Phpfix 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php.
CVE-2009-4158 2 Mario Matzulla, Typo3 2 Cal, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-0219 1 Php Webquest 1 Php Webquest 2026-04-23 N/A
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.
CVE-2008-2460 1 Vbulletin 1 Vbulletin 2026-04-23 N/A
SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows remote attackers to execute arbitrary SQL commands via the q parameter in a search action.
CVE-2008-0224 1 Runcms 1 Runcms 2026-04-23 N/A
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.
CVE-2008-2834 1 Sidb 1 Scientific Image Database 2026-04-23 N/A
SQL injection vulnerability in projects.php in Scientific Image DataBase 0.41 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4099 2 G4j.laoneo, Joomla 2 Com Gcalendar, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-0459 1 Wholehogsoftware 1 Password Protect 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information.
CVE-2008-1350 1 Fully Modded Phpbb 1 Fully Modded Phpbb 2026-04-23 N/A
SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action.
CVE-2008-1354 1 Advanced Data Solutions 1 Virtual Support Office Xp 2026-04-23 N/A
SQL injection vulnerability in MyIssuesView.asp in Advanced Data Solutions Virtual Support Office-XP (VSO-XP) allows remote attackers to execute arbitrary SQL commands via the Issue_ID parameter.
CVE-2007-2111 1 Oracle 1 Database Server 2026-04-23 N/A
SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities.
CVE-2009-3148 1 Portalxp 1 Portalxp 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php.
CVE-2008-4620 1 Mrbs 1 Mrbs 2026-04-23 N/A
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
CVE-2008-5166 1 Easysitenetwork 1 Riddles Website 2026-04-23 N/A
SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter.