Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19542 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4073 1 Zanfi Solutions 1 Autodealers Cms Autonline 2026-04-23 N/A
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.
CVE-2008-0499 1 Mamboxchange 1 Laithai 2026-04-23 N/A
SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-0562 1 Mamboserver 2 Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2008-7049 1 Natterchat 1 Natterchat 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206.
CVE-2008-7208 1 Insane Visions 1 Onecms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php.
CVE-2007-6671 1 Instantsoftwares 1 Dating Site 2026-04-23 N/A
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information.
CVE-2009-1345 1 Cpcommerce 1 Cpcommerce 2026-04-23 N/A
SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
CVE-2008-0616 1 Dmsguestbook Project 1 Dmsguestbook 2026-04-23 N/A
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2009-2361 1 Osticket 1 Osticket 2026-04-23 N/A
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
CVE-2008-0649 1 Adp 1 Astanda Directory Project 2026-04-23 N/A
SQL injection vulnerability in detail.php in Astanda Directory Project (ADP) 1.2 and 1.3 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.
CVE-2009-1813 1 Submitterscript 1 Submitterscript 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field).
CVE-2008-2194 1 Deluxebb 1 Deluxebb 2026-04-23 N/A
SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.
CVE-2009-1346 1 Interguias 1 Nethoteles 2026-04-23 N/A
SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 allows remote attackers to execute arbitrary SQL commands via the id_establecimiento parameter.
CVE-2009-2123 1 Elvinbts 1 Elvinbts 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2.
CVE-2008-2222 1 Eqdkp 1 Eqdkp 2026-04-23 N/A
SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter.
CVE-2008-0651 1 Pedro Santana Codice 1 Cms 2026-04-23 N/A
SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4208 1 Open-school 1 Open-school 2026-04-23 N/A
SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php.
CVE-2009-2122 2 Paolo Palmonari, Wordpress 2 Photoracer Plugin For Wordpress, Wordpress 2026-04-23 N/A
SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2914 1 Preprojects 1 Php Jobwebsite Pro 2026-04-23 N/A
SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-6741 1 Simple Machines 1 Simple Machines Forum 2026-04-23 N/A
SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php.