Search Results (19812 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5578 1 Scssboard 1 Scssboard 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allow remote attackers to execute arbitrary SQL commands via (1) the f parameter in a showforum action, (2) the u parameter in a profile action, (3) the viewcat parameter, or (4) a combination of scb_uid and scb_ident cookie values.
CVE-2008-6349 1 Turnkeyforms 1 Business Survey Pro 2026-04-23 N/A
SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5665 1 Xoops 1 Xoops 2026-04-23 N/A
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVE-2008-2380 1 Courier-mta 1 Courtier-authlib 2026-04-23 N/A
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
CVE-2008-6350 1 Turnkeyforms 1 Local Classifieds 2026-04-23 N/A
SQL injection vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to execute arbitrary SQL commands via the r parameter.
CVE-2008-3204 1 E-topbiz 1 Million Pixels 2026-04-23 N/A
SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels 3 allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.
CVE-2008-3887 1 Dotproject 1 Dotproject 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action.
CVE-2008-4890 1 1st News 1 4 Professional 2026-04-23 N/A
SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5652 1 Myiosoft 1 Easybookmarker 2026-04-23 N/A
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-6639 1 Iptbb Team 1 Iptbb 2026-04-23 N/A
SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewdir action.
CVE-2008-2412 1 Acgv.free 1 Acgv News 2026-04-23 N/A
SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-5150 1 Nukescripts 1 Nukesentinel 2026-04-23 N/A
SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125.
CVE-2008-6475 1 Drake Team 1 Drake Cms 2026-04-23 N/A
SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php.
CVE-2008-5739 1 Pligg 1 Pligg Cms 2026-04-23 N/A
SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.
CVE-2008-2231 1 Slashcode.com 1 Slash 2026-04-23 N/A
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter.
CVE-2008-3223 2 Drupal, Fedoraproject 2 Drupal, Fedora 2026-04-23 N/A
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
CVE-2008-6327 1 Manzovi 1 Proquiz 2026-04-23 N/A
SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter, a different vector than CVE-2008-6312.
CVE-2008-6344 1 Typo3 2 Tu-clausthal Staff, Typo3 2026-04-23 N/A
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-0853 2 Joomla, Mambo 2 Com Detail, Com Detail 2026-04-23 N/A
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE.
CVE-2008-6358 1 Socialgroupie 1 Social Groupie 2026-04-23 N/A
SQL injection vulnerability in group_index.php in Social Groupie allows remote attackers to execute arbitrary SQL commands via the id parameter.