Search Results (19657 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3048 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2006-2977 1 Mafia Moblog 1 Mafia Moblog 2026-04-16 N/A
SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter.
CVE-2005-4232 1 Jamit 1 Jamit Job Board 2026-04-16 N/A
SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying "The vulnerability is without any basis and did not actually work." CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection
CVE-2006-3139 1 Vwar 1 Virtual War 2026-04-16 N/A
Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.
CVE-2004-0366 1 Pam-pgsql 1 Pam-pgsql 2026-04-16 N/A
SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements.
CVE-2006-1676 1 Maxdev 1 Md-pro 2026-04-16 N/A
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PNuserapi.PHP.
CVE-2006-4064 1 Yenerturk 1 Yenerturk Haber Script 2026-04-16 N/A
SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported reported that 2.0 is also affected.
CVE-2006-3181 1 Mobescripts 1 Mobile Space Community 2026-04-16 N/A
SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter.
CVE-2006-3318 1 Spiffyjr 1 Phpraid 2026-04-16 N/A
SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.
CVE-2004-1925 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php.
CVE-2003-0845 2 Jboss, Redhat 2 Jboss, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
CVE-2003-1530 1 Phpbb 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
CVE-2006-2973 1 Php Lite 1 Calendar Express 2026-04-16 N/A
Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c.
CVE-2003-0286 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.
CVE-2006-4785 1 Moodle 1 Moodle 2026-04-16 N/A
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.
CVE-2006-2268 1 Flexcustomer 1 Flexcustomer 2026-04-16 N/A
SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected.
CVE-2005-4382 1 Citysoft 1 Community Enterprise 2026-04-16 N/A
SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm.
CVE-2005-3686 1 Newsboard 1 Unclassified Newsboard 2026-04-16 N/A
SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php.
CVE-2006-0510 1 Daffodil Software 1 Daffodil Crm 2026-04-16 N/A
SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action.
CVE-2006-0160 1 Venom Board 1 Venom Board 2026-04-16 N/A
SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3.