Export limit exceeded: 47023 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19570 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19570 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2734 | 1 Achievo | 1 Achievo | 2026-04-23 | N/A |
| SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php. | ||||
| CVE-2009-3190 | 1 Pad-site-scripts | 1 Pad Site Scripts | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php. | ||||
| CVE-2009-3209 | 1 Raizlabs | 1 Php Email Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2009-1508 | 1 Keir Davis | 1 X-forum | 2026-04-23 | N/A |
| SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php. | ||||
| CVE-2009-3203 | 1 Ajsquare | 1 Aj Auction Pro-oopd | 2026-04-23 | N/A |
| SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-6337 | 1 Aspindir | 1 Aspee Ziyaretci Defteri | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter. | ||||
| CVE-2009-1433 | 1 Silverstripe | 1 Silverstripe | 2026-04-23 | N/A |
| SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter. | ||||
| CVE-2009-3217 | 1 Wiccle | 1 Iwiccle | 2026-04-23 | N/A |
| SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php. | ||||
| CVE-2009-1404 | 1 Pastel | 1 Pastelcms | 2026-04-23 | N/A |
| SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter. | ||||
| CVE-2007-4095 | 1 Bsm Store | 1 Dependent Forums | 2026-04-23 | N/A |
| SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp. | ||||
| CVE-2006-6912 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-04-23 | N/A |
| SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter. | ||||
| CVE-2009-0458 | 1 Wholehogsoftware | 1 Ware Support | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3218 | 1 The-ghost | 1 Ar Web Content Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2008-3346 | 1 E-topbiz | 1 Shopcart Dx | 2026-04-23 | N/A |
| SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter. | ||||
| CVE-2008-3212 | 1 Scripteen | 1 Free Image Hosting Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting Script 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/login.php, or the (3) uname or (4) pass parameter to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-1282 | 1 Glfusion | 1 Glfusion | 2026-04-23 | N/A |
| SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter. | ||||
| CVE-2008-3355 | 1 Camera Life | 1 Camera Life | 2026-04-23 | N/A |
| SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. | ||||
| CVE-2009-3252 | 1 Dave Robinson | 1 Rockbandcms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters. | ||||
| CVE-2007-6266 | 1 Bcoos | 1 Bcoos | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3) modules/mylinks/ratelink.php, different vectors than CVE-2007-5104. | ||||
| CVE-2009-3223 | 1 Inoutscripts | 1 Inout Adserver | 2026-04-23 | N/A |
| SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | ||||