Search Results (19658 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1017 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp.
CVE-2006-4756 1 Accomplishtechnology 1 Phpmydirectory 2026-04-16 N/A
SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3904 1 Etomite 1 Etomite 2026-04-16 N/A
SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2005-4263 1 Envolution 1 Envolution 2026-04-16 N/A
SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter.
CVE-2004-2746 1 Pensacola Web Designs 1 Xtremeasp Photogallery 2026-04-16 N/A
SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2006-2977 1 Mafia Moblog 1 Mafia Moblog 2026-04-16 N/A
SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter.
CVE-2003-1523 1 Dbmail 1 Dbmail 2026-04-16 N/A
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.
CVE-2005-4027 1 Simplemedia 1 Simplebbs 2026-04-16 N/A
SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters.
CVE-2005-4011 1 Codewalkers 1 Ltwcalendar 2026-04-16 N/A
SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-3877 1 Cafuego 1 Simple Document Management System 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php.
CVE-2005-3845 1 Ezinvoiceinc 1 Ez Invoice Inc 2026-04-16 N/A
SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patah available. Please email support@ezinvoiceinc.com and EZI will email you the patch to fix this small issue."
CVE-2005-3497 1 Phphandicapper 1 Php Handicapper 2026-04-16 N/A
SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter. NOTE: on 20060210, the vendor disputed this issue, saying "this is 100% false reporting, this is a slander campaign from a customer who had a vulnerability in his SERVER not the software." However, followup investigation strongly suggests that the original report is correct
CVE-2006-1360 1 Musicbox 1 Musicbox 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php.
CVE-2006-1751 1 Michiel Van Baak 1 Mvblog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2006-2416 1 E107 1 E107 2026-04-16 N/A
SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name'].
CVE-2006-3139 1 Vwar 1 Virtual War 2026-04-16 N/A
Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.
CVE-2026-25418 2 Bitpressadmin, Wordpress 2 Bit Form, Wordpress 2026-04-16 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.
CVE-2026-24959 2 Joomsky, Wordpress 2 Js Help Desk, Wordpress 2026-04-16 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.1.
CVE-2026-0806 1 Wordpress 1 Wordpress 2026-04-15 4.9 Medium
The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-1258 2 Getwpfunnels, Wordpress 2 Mail Mint – Newsletters, Email Marketing, Automation, Woocommerce Emails, Post Notification, And More, Wordpress 2026-04-15 4.9 Medium
The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied 'order-by', 'order-type', and 'selectedCourses' parameters and lack of sufficient preparation on the existing SQL queries. This makes it possible for authenticated attackers, with administrator level access and above, to append additional SQL queries into already existing queries.