Search Results (19854 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0520 1 Unique Ads 1 Unique Ads 2026-04-23 N/A
SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.
CVE-2007-0527 1 Website Baker 1 Website Baker 2026-04-23 N/A
SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-2555 1 Easyway 1 Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2007-1154 1 Webspell 1 Webspell 2026-04-23 N/A
SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
CVE-2007-1163 1 Webspell 1 Webspell 2026-04-23 N/A
SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.
CVE-2007-1166 1 Nabocorp 1 Nabopoll 2026-04-23 N/A
SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.
CVE-2007-1171 1 Nukescripts 1 Nukesentinel 2026-04-23 N/A
SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
CVE-2007-1250 1 Angel Learning 1 Learning Management Suite 2026-04-23 N/A
SQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1302 1 Li-scripts 1 Li-guestbook 2026-04-23 N/A
SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected.
CVE-2007-1897 1 Wordpress 1 Wordpress 2026-04-23 N/A
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
CVE-2007-1899 1 Mywebland 1 Mybloggie 2026-04-23 N/A
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
CVE-2007-1920 1 Smodbip 1 Smodbip 2026-04-23 N/A
SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter, possibly related to home.php.
CVE-2007-1960 1 Xoops 1 Rha7 Downloads Module 2026-04-23 N/A
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVE-2007-1962 1 Xoops 2 Wf-snippets, Xoops 2026-04-23 N/A
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.
CVE-2007-2000 1 Raphael Limbach 1 Crea-book 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter.
CVE-2007-2111 1 Oracle 1 Database Server 2026-04-23 N/A
SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities.
CVE-2007-2113 1 Oracle 1 Database Server 2026-04-23 N/A
SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually for multiple issues.
CVE-2007-2673 1 Censura 1 Censura 2026-04-23 N/A
SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php.
CVE-2007-2803 1 Vizayn Urun 1 Tanitim Sitesi 2026-04-23 N/A
SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action.
CVE-2007-2898 1 2z Project 1 2z Project 2026-04-23 N/A
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.