Export limit exceeded: 19569 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19569 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1403 1 Creloaded 1 Cre Loaded 2026-04-23 N/A
SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
CVE-2009-2786 2 Punbb, Reputation 2 Punbb, Reputation 2026-04-23 N/A
SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter.
CVE-2008-0714 1 Mihalism 1 Multi Host 2026-04-23 N/A
SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action.
CVE-2008-0845 1 Wordpress 1 Dean Logan Wp-people Plugin 2026-04-23 N/A
SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.
CVE-2009-2927 1 Digitalspinners 1 Ds Cms 2026-04-23 N/A
SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter.
CVE-2009-2926 1 Phpcompet.free 1 Php Competition System 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php.
CVE-2008-5751 1 Alstrasoft 1 Web Email Script Enterprise 2026-04-23 N/A
SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.
CVE-2009-1277 1 Gravityboardx 1 Gravity Board X 2026-04-23 N/A
SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2.
CVE-2009-2886 1 Phpscriptsnow 1 President Bios 2026-04-23 N/A
SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter.
CVE-2009-2891 1 Phpscriptsnow 1 Riddles 2026-04-23 N/A
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-1747 1 26thavenue 1 Bspeak 2026-04-23 N/A
SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action.
CVE-2008-0907 1 Php-nuke 1 Inhalt Module 2026-04-23 N/A
SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-2929 1 Tgs-cms 1 Tgs Content Management 2026-04-23 N/A
Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions.
CVE-2008-6249 1 Gwm 1 Galatolo Webmanager 2026-04-23 N/A
SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3193 2 Joomla, Uwix 2 Joomla, Com Digifolio 2026-04-23 N/A
SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.
CVE-2008-1426 1 Kaphotoservice 1 Kaphotoservice 2026-04-23 N/A
SQL injection vulnerability in album.asp in KAPhotoservice allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
CVE-2009-3308 1 Fanupdate 1 Fanupdate 2026-04-23 N/A
SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
CVE-2008-7059 1 Aled Owen 1 One-news 2026-04-23 N/A
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.
CVE-2009-3310 1 Shalwan 1 Zainu 2026-04-23 N/A
SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action.
CVE-2009-3319 1 Dimofinf 1 Dawaween 2026-04-23 N/A
SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018.