Search Results (19570 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2232 1 Softbizscripts 1 Banner Ad Management Script 2026-04-23 N/A
SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4604 1 Cafeengine 1 Easycafeengine 2026-04-23 N/A
SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
CVE-2007-0875 1 Mcrefer 1 Mcrefer 2026-04-23 N/A
SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database
CVE-2009-2310 1 Bow Der Kleine 1 X-blc 2026-04-23 N/A
SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
CVE-2008-1162 1 Php Web Scripts 1 Dynamic Photo Gallery 2026-04-23 N/A
SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter.
CVE-2007-6292 1 Mwopen 1 E-commerce 2026-04-23 N/A
SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2453 1 Phpclassifiedsscript 1 Php Classifieds Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php.
CVE-2008-0800 1 Joomla 1 Com Mcquiz 2026-04-23 N/A
SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0.9 Final component for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.
CVE-2009-2385 2 Fustrate, Simple Machines 2 Member Awards, Smf 2026-04-23 N/A
SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-2553 1 Supersimple 1 Super Simple Blog Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter.
CVE-2008-0761 1 Joomla 1 Com Pcchess 2026-04-23 N/A
SQL injection vulnerability in index.php in the Prince Clan Chess Club (com_pcchess) 0.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a players action.
CVE-2008-0739 1 Shoppingtree 1 Candypress Store 2026-04-23 N/A
SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter.
CVE-2009-2585 1 Mlffat 1 Mlffat 2026-04-23 N/A
SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731.
CVE-2009-2601 2 Joomla, Joomlaequipment 2 Joomla\!, Juser 2026-04-23 N/A
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.
CVE-2009-2604 1 Zenhelpdesk 1 Zen Help Desk 2026-04-23 N/A
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.
CVE-2009-2605 1 Traidnt 1 Traidnt Up 2026-04-23 N/A
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
CVE-2009-2608 1 Chatelao 1 Php Address Book 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
CVE-2009-2612 1 Prosmdr 1 Prosmdr 2026-04-23 N/A
SQL injection vulnerability in login.aspx in ProSMDR allows remote attackers to execute arbitrary SQL commands via the txtUser parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2619 1 Datachecknh 1 V-spacepal 2026-04-23 N/A
SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1734 1 Omnisoftsol 1 Vidsharepro 2026-04-23 N/A
SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter.