Search Results (19843 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2529 1 Advanced Links Management 1 Advanced Links Management 2026-04-23 N/A
SQL injection vulnerability in read.php in Advanced Links Management (ALM) 1.5.2 allows remote attackers to execute arbitrary SQL commands via the catId parameter.
CVE-2009-3150 1 Multi-website 1 Multi Website 2026-04-23 N/A
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.
CVE-2009-3148 1 Portalxp 1 Portalxp 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php.
CVE-2008-2532 1 Aj Square 1 Aj Hyip 2026-04-23 N/A
SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3185 1 Comsenz 2 Crazy Star Plugin, Discuz\! 2026-04-23 N/A
SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action.
CVE-2009-3125 1 Mozilla 1 Bugzilla 2026-04-23 N/A
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2007-4603 1 Altercoder 1 Acg News 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid parameter in a showcat action.
CVE-2008-2536 1 Yabsoft 1 Advanced Image Hosting Script 2026-04-23 N/A
SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter.
CVE-2009-3205 1 Cbauthority 1 Cbauthority 2026-04-23 N/A
SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action.
CVE-2009-3119 2 Php-fusion, X-iweb.ru 2 Php-fusion, Download System Msf 2026-04-23 N/A
SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter.
CVE-2008-2522 1 Haudenschilt 1 Battlenet Clan Script 2026-04-23 N/A
SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action.
CVE-2008-2554 1 Bp Blog 1 Bp Blog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp.
CVE-2009-3215 2 Joomla, Php-shop-system 2 Joomla, Ixxo Cart 2026-04-23 N/A
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
CVE-2009-3118 1 Danneo 1 Cms 2026-04-23 N/A
SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php, related to incorrect input sanitization in base/danneo.function.php.
CVE-2009-3218 1 The-ghost 1 Ar Web Content Manager 2026-04-23 N/A
SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-2560 1 Fourtwosevenbb 1 427bb 2026-04-23 N/A
SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter.
CVE-2009-3224 2 68classifieds, Classified-software 2 68 Classifieds, Super Mod System 2026-04-23 N/A
SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter.
CVE-2008-2562 1 Powerphlogger 1 Powerphlogger 2026-04-23 N/A
SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.
CVE-2009-3778 2 Adam Gerson, Drupal 2 Moodle Courselist, Drupal 2026-04-23 N/A
SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3788 1 Opendocman 1 Opendocman 2026-04-23 N/A
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.