Export limit exceeded: 19569 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19569 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4256 1 Truesolution 1 Alefmentor 2026-04-23 N/A
Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information.
CVE-2008-3213 1 Webcms 1 Webcms Portal Edition 2026-04-23 N/A
SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information.
CVE-2008-0026 1 Cisco 2 Unified Callmanager, Unified Communications Manager 2026-04-23 N/A
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
CVE-2008-3297 1 Social Engine 1 Social Engine 2026-04-23 N/A
Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.
CVE-2008-7083 1 Revou 1 Micro Blogging Twitter Clone 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
CVE-2008-7049 1 Natterchat 1 Natterchat 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206.
CVE-2008-6776 1 Scripts-for-sites 1 Ez Hot Or Not 2026-04-23 N/A
SQL injection vulnerability in viewcomments.php in Scripts For Sites (SFS) EZ Hot or Not allows remote attackers to execute arbitrary SQL commands via the phid parameter.
CVE-2008-3948 1 Xrms 1 Xrms Crm 2026-04-23 N/A
SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors.
CVE-2008-6779 1 Phpnuke 2 Php-nuke, Sarkilar Module 2026-04-23 N/A
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.
CVE-2008-6883 2 Joomla, Joompolitan 2 Joomla, Com Livechat 2026-04-23 N/A
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6381 1 Typo3 1 Typo3 2026-04-23 N/A
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6881 2 Joomla, Joompolitan 2 Joomla\!, Com Livechat 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.
CVE-2009-4238 1 Teamst 1 Testlink 2026-04-23 N/A
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.
CVE-2008-6992 1 Greensql 1 Greensql Firewall 2026-04-23 N/A
GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.
CVE-2008-6986 1 Zen-cart 1 Zen Cart 2026-04-23 N/A
SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985.
CVE-2008-4357 1 Powie 1 Plink 2026-04-23 N/A
SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6880 1 Easysitenetwork 1 Jokes Complete Website 2026-04-23 N/A
SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes Website allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4371 1 Availscript 1 Availscript Article Script 2026-04-23 N/A
SQL injection vulnerability in articles.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the aIDS parameter.
CVE-2008-6787 1 Jeremy Powers 1 Lizardware Cms 2026-04-23 N/A
SQL injection vulnerability in administrator/index.php in Lizardware CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user.
CVE-2007-6540 1 Neuron 1 News 2026-04-23 N/A
SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/.