Search Results (19571 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6367 1 Duware 3 Dudownload, Dunews, Dupaypal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
CVE-2007-4716 1 Phd 1 Help Desk 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-0582 1 Chernobile 1 Chernobile 2026-04-23 N/A
SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field.
CVE-2007-5131 1 Interspire 1 Activekb Nx 2026-04-23 N/A
SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5 is also affected.
CVE-2008-6272 1 Miticdjd 1 Apoll 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter.
CVE-2008-6220 1 Cafuego 1 Simple Document Management System 2026-04-23 N/A
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter.
CVE-2008-5004 1 Mywebland 1 Bloggie Lite 2026-04-23 N/A
SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.
CVE-2009-1066 1 Getpixie 1 Pixie Cms 2026-04-23 N/A
SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request.
CVE-2008-1341 1 Lagarde 1 Storefront 2026-04-23 N/A
SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0534 1 Flexcms 1 Flexcms 2026-04-23 N/A
SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter.
CVE-2008-4772 1 Questwork 1 Questcms 2026-04-23 N/A
SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter.
CVE-2009-4615 1 Myrephp 1 Myre Holiday Rental Manager 2026-04-23 N/A
SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL commands via the link_id parameter in a show_review action.
CVE-2008-6216 1 Bookingcentre 1 Booking System For Hotels Group 2026-04-23 N/A
SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter.
CVE-2009-1742 1 Pc4arb 1 Pc4 Uploader 2026-04-23 N/A
code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.
CVE-2006-5603 1 Snitz Communications 1 Snitz Forums 2000 2026-04-23 9.8 Critical
SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5606 1 Bytesfall Explorer 1 Bytesfall Explorer 2026-04-23 N/A
Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors.
CVE-2009-1323 1 Webfileexplorer 1 Web File Explorer 2026-04-23 N/A
SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2025-56216 1 Phpgurukul 1 Hospital Management System 2026-04-22 8.5 High
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
CVE-2025-56215 1 Phpgurukul 1 Hospital Management System 2026-04-22 6.5 Medium
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter.
CVE-2025-56214 1 Phpgurukul 1 Hospital Management System 2026-04-22 9.8 Critical
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.