Export limit exceeded: 18852 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18852 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2167 | 1 Egyplus | 1 7ammel | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | ||||
| CVE-2008-3765 | 1 Discountedscripts | 1 Quick Poll Script | 2026-04-23 | N/A |
| SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-1591 | 1 Postnuke | 1 Postnuke | 2026-04-23 | N/A |
| The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable). | ||||
| CVE-2008-5163 | 1 Theratstudios | 1 The Rat Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php. | ||||
| CVE-2009-4540 | 1 Bpowerhouse | 1 Mini Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-5064 | 1 H\&h | 1 Websoccer | 2026-04-23 | N/A |
| SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-1094 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2026-04-23 | N/A |
| SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter. | ||||
| CVE-2008-6721 | 1 Ajsquare | 1 Aj Article | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in AJ Square AJ Article allows remote attackers to execute arbitrary SQL commands via the txtName parameter (aka the username field). | ||||
| CVE-2008-5992 | 1 Jetik | 1 Jetik Emlak Sistem A | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php. | ||||
| CVE-2009-1764 | 1 Bokecc | 1 Maxcms | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action. | ||||
| CVE-2007-6556 | 1 Websihirbazi | 1 Websihirbazi | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp. | ||||
| CVE-2007-5122 | 1 Softbizscripts | 1 Classifieds Plus Script | 2026-04-23 | N/A |
| SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-3030 | 1 Efes Tech Shop | 1 Efes Tech Shop | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an urunler action. | ||||
| CVE-2008-2522 | 1 Haudenschilt | 1 Battlenet Clan Script | 2026-04-23 | N/A |
| SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action. | ||||
| CVE-2008-2902 | 1 Alstrasoft | 1 Askme Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085. | ||||
| CVE-2008-6866 | 1 Php-nuke | 1 Current Issue Module | 2026-04-23 | N/A |
| SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action. | ||||
| CVE-2008-3788 | 1 Picturespro | 1 Picturespro Photo Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php. | ||||
| CVE-2009-3255 | 1 Thomas Cuchta | 1 Rash | 2026-04-23 | N/A |
| SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI. | ||||
| CVE-2009-2308 | 2 Punbb, Punres | 2 Punbb, Affiliates Mod | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter. | ||||
| CVE-2009-0284 | 1 Flaxweb | 1 Flax Article Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | ||||