Export limit exceeded: 347834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18887 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5970 | 1 I-netsolution | 1 Orkut Clone | 2026-04-23 | N/A |
| SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-5975 | 1 Activewebsoftwares | 1 Active Price Comparison | 2026-04-23 | N/A |
| SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6011 | 1 Sg Real Estate Portal | 1 Sg Real Estate Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | ||||
| CVE-2008-6015 | 1 Editeurscripts | 1 Esfaq | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-7153 | 1 Docebo | 1 Docebo | 2026-04-23 | N/A |
| SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command. | ||||
| CVE-2008-7145 | 1 Coronamatrix | 1 Phpaddressbook | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters. | ||||
| CVE-2008-7083 | 1 Revou | 1 Micro Blogging Twitter Clone | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | ||||
| CVE-2008-7049 | 1 Natterchat | 1 Natterchat | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206. | ||||
| CVE-2008-7030 | 1 Site2nite | 1 Real Estate Web | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | ||||
| CVE-2009-4200 | 2 Joomla, Vollmar | 2 Joomla\!, Com Seminar | 2026-04-23 | N/A |
| SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php. | ||||
| CVE-2009-4208 | 1 Open-school | 1 Open-school | 2026-04-23 | N/A |
| SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php. | ||||
| CVE-2025-56216 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-22 | 8.5 High |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. | ||||
| CVE-2025-56215 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-22 | 6.5 Medium |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter. | ||||
| CVE-2025-56214 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-22 | 9.8 Critical |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter. | ||||
| CVE-2025-10726 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 9.1 Critical |
| The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'data[id]' parameter in all versions up to, and including, 2.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Additionally, the result of this SQL injection is passed directly to PHP's unlink() function, allowing attackers to delete arbitrary files on the server by injecting file paths through the SQL query. | ||||
| CVE-2026-4507 | 1 Mindinventory | 1 Mindsql | 2026-04-22 | 6.3 Medium |
| A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the file mindsql/core/mindsql_core.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4173 | 1 Codephiliax | 1 Chat2db | 2026-04-22 | 6.3 Medium |
| A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4190 | 1 Jawherkl | 1 Node-api-postgres | 2026-04-22 | 7.3 High |
| A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4189 | 1 Phpipam | 1 Phpipam | 2026-04-22 | 4.7 Medium |
| A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4485 | 1 Itsourcecode | 1 College Management System | 2026-04-22 | 6.3 Medium |
| A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | ||||