Export limit exceeded: 18838 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18838 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4059 | 2 .joomclan, Joomla | 2 Com Joomclip, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php. | ||||
| CVE-2008-4072 | 1 Phsdev | 1 Phsblog | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588. | ||||
| CVE-2008-4074 | 1 Zanfi Solutions | 1 Autodealers Cms Autonline | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | ||||
| CVE-2008-4078 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2026-04-23 | N/A |
| SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4045 | 1 Frontaccounting | 1 Frontaccounting | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/. | ||||
| CVE-2008-4080 | 1 Stash | 1 Stash | 2026-04-23 | N/A |
| SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4084 | 1 Myiosoft | 1 Easyclassifields | 2026-04-23 | N/A |
| SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action. | ||||
| CVE-2008-4086 | 1 Source Workshop | 1 Reciprocal Links Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. | ||||
| CVE-2008-4092 | 1 Myphpnuke | 1 Myphpnuke | 2026-04-23 | N/A |
| SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter. | ||||
| CVE-2008-4093 | 1 Yourownbux | 1 Yourownbux | 2026-04-23 | N/A |
| SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. | ||||
| CVE-2008-4094 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer. | ||||
| CVE-2009-4037 | 1 Frontaccounting | 1 Frontaccounting | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/. | ||||
| CVE-2008-4144 | 1 Discountedscripts | 1 E-gold Script Shop | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action. | ||||
| CVE-2008-4145 | 1 Addalink | 1 Addalink | 2026-04-23 | N/A |
| SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | ||||
| CVE-2009-0447 | 1 Aspindir | 1 Mydesign Sayac | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4154 | 1 Living-e | 1 Webedition Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter. | ||||
| CVE-2008-4161 | 1 Assetman | 1 Assetman | 2026-04-23 | N/A |
| SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action. | ||||
| CVE-2009-3184 | 1 Grapari | 1 E-gold Game Series Pirates Of The Caribbean | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Pirates of The Caribbean in the E-Gold Game Series allow remote attackers to execute arbitrary SQL commands via the (1) x and (2) y parameters. | ||||
| CVE-2008-4171 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-23 | N/A |
| SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter. | ||||
| CVE-2008-4172 | 1 Rfaah | 1 Cars-vehicles Script | 2026-04-23 | N/A |
| SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter. | ||||