Export limit exceeded: 18932 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18932 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-1555 | 1 Aphpkb | 1 Aphpkb | 2025-04-11 | N/A |
| SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-1546 | 1 Aphpkb | 1 Aphpkb | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4940 | 1 Zeuscart | 1 Zeuscart | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. | ||||
| CVE-2010-2131 | 2 Mario Matzulla, Typo3 | 2 Cal, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. | ||||
| CVE-2010-2140 | 1 Multishopcms | 1 Multishop Cms | 2025-04-11 | N/A |
| SQL injection vulnerability in itemdetail.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2010-2141 | 1 Nitropowered | 1 Nitro Web Gallery | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action. | ||||
| CVE-2010-2142 | 1 Murat Ersoy | 1 Cyberhost | 2025-04-11 | N/A |
| SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2010-2148 | 2 Joomla, Unisoft | 2 Joomla\!, Com Mycar | 2025-04-11 | N/A |
| SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php. | ||||
| CVE-2010-4967 | 1 Atcom | 1 Netvolution | 2025-04-11 | N/A |
| SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter. | ||||
| CVE-2011-5213 | 1 Browsercrm | 1 Browsercrm | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php. | ||||
| CVE-2009-4947 | 1 Q2solutions | 1 Connx | 2025-04-11 | N/A |
| SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter. | ||||
| CVE-2012-5453 | 1 Atutor | 1 Acontent | 2025-04-11 | N/A |
| SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167. | ||||
| CVE-2009-4950 | 2 Tim Lochmueller \& Thomas Buss, Typo3 | 2 A21glossary Advanced Output, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4954 | 2 Typo3, Websedit | 2 Typo3, Sk Calendar | 2025-04-11 | N/A |
| SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-5327 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action. | ||||
| CVE-2012-5350 | 1 Wordpress | 2 Pay-with-tweet, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode. | ||||
| CVE-2009-4955 | 2 Thomas Hempel, Typo3 | 2 Th Ultracards, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-0982 | 1 Vastal | 1 Agent Zone | 2025-04-11 | N/A |
| SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter. | ||||
| CVE-2009-4959 | 2 Stefan Koch, Typo3 | 2 T3m, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4966 | 2 Elemente, Typo3 | 2 Ast Addresszipsearch, Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||