Search Results (19542 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1409 1 E107 1 E107 2026-04-23 N/A
SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320.
CVE-2008-2765 1 Xigla 1 Absolute Image Gallery Xe 2026-04-23 N/A
SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.
CVE-2008-2770 1 Mycrocms 1 Mycrocms 2026-04-23 N/A
SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
CVE-2009-1362 1 Chcounter 1 Chcounter 2026-04-23 N/A
SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1347 1 Chcounter 1 Chcounter 2026-04-23 N/A
Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field).
CVE-2009-1256 1 Flexcms 1 Flexcms 2026-04-23 N/A
SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the ItemId parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-0606 3 Joomla, Mambo, Phil Taylor 3 Com Shambo2, Com Shambo2, Shambo2 2026-04-23 N/A
SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter.
CVE-2007-5068 1 Phpfullannu 1 Phpfullannu 2026-04-23 N/A
SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 allows remote attackers to execute arbitrary SQL commands via the mod parameter.
CVE-2008-3054 1 Typo3 1 Branchenbuch Extension 2026-04-23 N/A
SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (mh_branchenbuch) extension 0.8.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-2963 1 Myblog 1 Myblog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php.
CVE-2008-2858 1 Webchamado 1 Webchamado 2026-04-23 N/A
SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0675 1 The Everything Development Company 1 The Everything Development Engine 2026-04-23 N/A
SQL injection vulnerability in cms/index.pl in The Everything Development Engine in The Everything Development System Pre-1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the node_id parameter.
CVE-2008-0677 1 A-blog 1 A-blog 2026-04-23 N/A
SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action.
CVE-2008-0686 2 Joomla, Mambo 2 Com Neoreferences, Com Neoreferences 2026-04-23 N/A
SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2008-2816 1 O2php 1 Oxygen 2026-04-23 N/A
SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin Board) 2.0 allows remote attackers to execute arbitrary SQL commands via the repquote parameter in a reply action, a different vector than CVE-2006-1572.
CVE-2008-2685 1 Battleblog 1 Battleblog 2026-04-23 N/A
SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626.
CVE-2008-2676 1 Joomla 2 Com News Portal, Joomla 2026-04-23 N/A
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2008-0733 1 Cs Team 1 Counter Strike Portal 2026-04-23 N/A
SQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page.
CVE-2008-0738 1 Shoppingtree 1 Candypress Store 2026-04-23 N/A
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName parameter to (c) ajax/ajax_tableFields.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-7040 2 Wordpress, Yellowswordfish 2 Wordpress, Simple Forum 2026-04-23 N/A
SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.