Search Results (19542 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5261 1 Iscripts 1 Multicart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.
CVE-2009-3669 2 Foobla, Joomla 2 Com Foobla Suggestions, Joomla 2026-04-23 N/A
SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.
CVE-2009-3661 2 Blueconstantmedia, Joomla 2 Com Djcatalog, Joomla 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
CVE-2008-4054 1 Kolifa 1 Download Script 2026-04-23 N/A
SQL injection vulnerability in indir.php in Kolifa.net Download Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5607 2 Joomitaly, Joomla 2 Jmovies, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2009-3582 1 Sql-ledger 1 Sql-ledger 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation.
CVE-2007-1899 1 Mywebland 1 Mybloggie 2026-04-23 N/A
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
CVE-2006-6095 1 Dotnetindex 1 Active News Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094.
CVE-2010-0337 1 Typo3 2 Dl3 Tt News Alerts, Typo3 2026-04-23 N/A
SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0334 2 Francisco Cifuentes, Typo3 2 Vote For Tt News, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0333 2 Matthias Graubner, Typo3 2 Mg Help, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0332 2 Stefan Tannhaeuser, Typo3 2 Tv21 Talkshow, Typo3 2026-04-23 N/A
SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0329 2 Alex Kellner, Typo3 2 Powermail, Typo3 2026-04-23 N/A
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."
CVE-2008-3490 1 E-topbiz 1 Online Dating 2026-04-23 N/A
SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action.
CVE-2008-3487 1 Phpauctions 1 Phpauction Gpl Enhanced 2026-04-23 N/A
SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3758 1 Citrix 1 Xencenterweb 2026-04-23 N/A
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3531 1 Universe 1 Universe Cms 2026-04-23 N/A
SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-7025 1 Sangwan Kim 1 Bookmark4u 2026-04-23 N/A
SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter.
CVE-2009-0883 1 Amunak 1 Blue Eye Cms 2026-04-23 N/A
SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter.
CVE-2009-4432 1 Codemight 1 Videocms 2026-04-23 N/A
SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action.