Export limit exceeded: 19522 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19522 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30238 | 1 Contest-gallery | 1 Contest Gallery | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.2. | ||||
| CVE-2024-30236 | 1 Contest-gallery | 1 Contest Gallery | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4. | ||||
| CVE-2024-23507 | 1 Instawp | 1 Instawp Connect | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9. | ||||
| CVE-2026-33714 | 1 Chamilo | 1 Chamilo Lms | 2026-04-23 | 7.2 High |
| Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::remove_XSS() to the date_start and date_end parameters in the get_user_registration_by_month action, the same parameters remain unsanitized in the users_active action within the same file (public/main/inc/ajax/statistics.ajax.php), where they are directly interpolated into a SQL query. An authenticated admin can exploit this to perform time-based blind SQL injection, enabling extraction of arbitrary data from the database. This issue has been fixed in version 2.0.0. | ||||
| CVE-2008-4527 | 1 Php-fusion | 1 Recepies Module | 2026-04-23 | N/A |
| SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4352 | 1 Phpsmartcom | 1 Phpsmartcom | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php. | ||||
| CVE-2006-6402 | 1 Mystats | 1 Mystats | 2026-04-23 | N/A |
| SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter. | ||||
| CVE-2008-0512 | 1 Joomla | 1 Com Fq | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. | ||||
| CVE-2009-1065 | 1 Getpixie | 1 Pixie Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3533 | 1 John Beranek | 1 Meeting Room Booking System | 2026-04-23 | N/A |
| SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4348 | 1 Outshine | 1 Phportfolio | 2026-04-23 | N/A |
| SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-3780 | 1 Review-script | 1 Five Star Review Script | 2026-04-23 | N/A |
| SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | ||||
| CVE-2008-5952 | 1 Ktp Computer Customer Database | 1 Ktp Computer Customer Database | 2026-04-23 | N/A |
| SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI. | ||||
| CVE-2008-5051 | 2 Jooblog, Joomla | 2 Jooblog, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php. | ||||
| CVE-2008-1788 | 1 Prozilla | 1 Entertainers | 2026-04-23 | N/A |
| SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6203 | 1 Jakob-persson | 1 Cobalt | 2026-04-23 | N/A |
| SQL injection vulnerability in adminler.asp in CoBaLT 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3765 | 1 Discountedscripts | 1 Quick Poll Script | 2026-04-23 | N/A |
| SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-6258 | 1 Quadcomm | 1 Q-shop | 2026-04-23 | N/A |
| SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the (1) UserID and (2) Pwd parameters. NOTE: this might be related to CVE-2004-2108. | ||||
| CVE-2009-3190 | 1 Pad-site-scripts | 1 Pad Site Scripts | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php. | ||||
| CVE-2008-6434 | 1 Blueriver | 1 Sava Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter. | ||||