Export limit exceeded: 17803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18836 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6348 | 1 Developiteasy | 1 Photo Gallery | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2105 | 1 Kasper Skrhj | 1 References Database | 2026-04-23 | N/A |
| SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-0811 | 1 Auracms | 1 Auracms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php. | ||||
| CVE-2008-6332 | 1 Simplecustomer | 1 Simple Customer | 2026-04-23 | N/A |
| SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2008-3124 | 1 Mole Group | 1 Hotel Script | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter. | ||||
| CVE-2008-6146 | 1 Deluxebb | 1 Deluxebb | 2026-04-23 | N/A |
| SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989. | ||||
| CVE-2008-6274 | 1 Mjcreation | 1 Familyproject | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6264 | 1 E-topbiz | 1 Slide Popups | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2008-6256 | 1 Vbulletin | 1 Vbulletin | 2026-04-23 | N/A |
| SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022. | ||||
| CVE-2008-3346 | 1 E-topbiz | 1 Shopcart Dx | 2026-04-23 | N/A |
| SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter. | ||||
| CVE-2008-6741 | 1 Simple Machines | 1 Simple Machines Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php. | ||||
| CVE-2010-0334 | 2 Francisco Cifuentes, Typo3 | 2 Vote For Tt News, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-6345 | 1 Aurora | 1 Aurora Framework | 2026-04-23 | N/A |
| SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-1559 | 2 Bernard Gilly, Joomla | 2 Com Alphacontent, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | ||||
| CVE-2008-3265 | 1 Joomla | 1 Com Dtregister | 2026-04-23 | N/A |
| SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php. | ||||
| CVE-2008-3757 | 1 Yourfreeworld | 1 Forced Matrix Script | 2026-04-23 | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-4456 | 2 Mambo, Parkview Consultants | 2 Mambo, Simplefaq | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo. | ||||
| CVE-2008-4804 | 2 Nukedgallery, Phpnuke | 2 Gallery, Php-nuke | 2026-04-23 | N/A |
| SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | ||||
| CVE-2008-6985 | 1 Zen-cart | 1 Zen Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart. | ||||
| CVE-2008-3039 | 1 Typo3 | 1 Dam Frontend Extension | 2026-04-23 | N/A |
| SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||