Search Results (19840 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6349 1 Turnkeyforms 1 Business Survey Pro 2026-04-23 N/A
SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6419 1 Socialsitegenerator 1 Social Site Generator 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid parameter to social_forum_subcategories.php.
CVE-2008-6358 1 Socialgroupie 1 Social Groupie 2026-04-23 N/A
SQL injection vulnerability in group_index.php in Social Groupie allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6467 1 Mkportal 1 Mkportal 2026-04-23 N/A
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
CVE-2008-6409 1 Brian Wilson 1 Ol\'bookmarks 2026-04-23 N/A
SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action.
CVE-2008-6338 2 Typo3, Weber-ebusiness 2 Typo3, Wes Facilities 2026-04-23 N/A
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6345 1 Cms.maury91 1 Solarcms 2026-04-23 N/A
SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to indes.php. NOTE: some of these details are obtained from third party information.
CVE-2009-2123 1 Elvinbts 1 Elvinbts 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2.
CVE-2009-3645 2 Joomla, Joomlacache 2 Joomla\!, Com Cbresumebuilder 2026-04-23 N/A
SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php.
CVE-2007-4762 1 E-smart Cart 1 E-smart Cart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092.
CVE-2009-2888 1 Phpscriptsnow 1 Hangman 2026-04-23 N/A
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.
CVE-2007-6472 1 Phpmyrealty 1 Phpmyrealty 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6247 1 Scripts-for-sites 1 Ez Top Sites 2026-04-23 N/A
SQL injection vulnerability in topsite.php in Scripts For Sites (SFS) EZ Top Sites allows remote attackers to execute arbitrary SQL commands via the ts parameter.
CVE-2008-1426 1 Kaphotoservice 1 Kaphotoservice 2026-04-23 N/A
SQL injection vulnerability in album.asp in KAPhotoservice allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
CVE-2009-1224 1 Scivox 1 Vsp Stats Processor 2026-04-23 N/A
SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter.
CVE-2008-7091 1 Pligg 1 Pligg Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
CVE-2008-2890 1 Offl 1 Online Fantasy Football League 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php.
CVE-2009-3632 1 Typo3 1 Typo3 2026-04-23 N/A
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters.
CVE-2009-0452 1 Onlinegrades 1 Online Grades 2026-04-23 N/A
Multiple SQL injection vulnerabilities in parents/login.php in Online Grades 3.2.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameter.
CVE-2009-4560 1 Worms-league 1 Webleague 2026-04-23 N/A
SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter.