Search Results (19845 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6091 1 Bmforum 1 Bmforum 2026-04-23 N/A
SQL injection vulnerability in plugins.php in BMForum 5.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tagname parameter.
CVE-2008-5609 1 Typo3 2 Commerce Extension, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-0339 1 Dmxready 1 Blog Manager 2026-04-23 N/A
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.
CVE-2009-0293 1 Wazzum 1 Wazzum Dating Software 2026-04-23 N/A
SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVE-2008-6150 1 Sepcity 1 Classified Ads 2026-04-23 N/A
SQL injection vulnerability in classdis.asp in SepCity Classified Ads allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2008-6907 1 2532gigs 1 2532gigs 2026-04-23 N/A
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php.
CVE-2008-6188 1 Gforge 1 Gforge 2026-04-23 N/A
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.
CVE-2008-2429 1 Calendarix 1 Basic 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2.
CVE-2008-6163 1 Openx 1 Openx 2026-04-23 N/A
SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.
CVE-2007-3301 1 Fusetalk 1 Fusetalk 2026-04-23 N/A
SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap CVE-2007-3273.
CVE-2008-5586 1 Check Up 1 Check New 2026-04-23 N/A
SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2007-4918 1 Gelatocms 1 Gelatocms 2026-04-23 N/A
SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php.
CVE-2009-2639 1 Mrcgiguy 1 The Ticket System 2026-04-23 N/A
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.
CVE-2008-6148 2 Joomla, Raven-worx 2 Joomla, Liveticker 2026-04-23 N/A
SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php.
CVE-2009-1229 1 Arcadwy 1 Arcadwy Arcade Script 2026-04-23 N/A
SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter.
CVE-2008-6152 1 Sepcity 1 Faculty Portal 2026-04-23 N/A
SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer Portal, which does not have a deptdisplay.asp file.
CVE-2008-6968 1 Pligg 1 Pligg Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.
CVE-2008-6042 1 Netartmedia 1 Real Estate Portal 2026-04-23 N/A
SQL injection vulnerability in the re_search module in NetArtMedia Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the ad parameter to index.php.
CVE-2008-5970 1 I-netsolution 1 Orkut Clone 2026-04-23 N/A
SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2008-6166 2 Jmds, Joomla 2 Com Kbase, Joomla 2026-04-23 N/A
SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.