Export limit exceeded: 23559 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19840 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-30245 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pierre Lannoy DecaLog decalog.This issue affects DecaLog: from n/a through <= 3.9.0.
CVE-2024-30244 2 Church Admin Project, Wordpress 2 Church Admin, Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.0.27.
CVE-2024-30238 1 Contest-gallery 1 Contest Gallery 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.2.
CVE-2024-30236 1 Contest-gallery 1 Contest Gallery 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4.
CVE-2024-23507 1 Instawp 1 Instawp Connect 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.
CVE-2026-33714 1 Chamilo 1 Chamilo Lms 2026-04-23 7.2 High
Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::remove_XSS() to the date_start and date_end parameters in the get_user_registration_by_month action, the same parameters remain unsanitized in the users_active action within the same file (public/main/inc/ajax/statistics.ajax.php), where they are directly interpolated into a SQL query. An authenticated admin can exploit this to perform time-based blind SQL injection, enabling extraction of arbitrary data from the database. This issue has been fixed in version 2.0.0.
CVE-2006-6073 1 Enthrallweb 1 Eshopping Cart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp.
CVE-2008-1732 1 Predictionfootball 1 Predictionfootball 2026-04-23 N/A
SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action.
CVE-2006-6094 1 Dotnetindex 1 Active News Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp.
CVE-2006-6095 1 Dotnetindex 1 Active News Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094.
CVE-2006-6109 1 Candypress 1 Candypress Store 2026-04-23 N/A
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp.
CVE-2006-6157 1 Michaelis Freunde 1 Contentnow 2026-04-23 N/A
SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.
CVE-2006-6848 1 Aspticker 1 Aspticker 2026-04-23 N/A
SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter.
CVE-2006-6880 1 Php-update 1 Php-update 2026-04-23 N/A
Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.
CVE-2006-6912 1 Phpmyfaq 1 Phpmyfaq 2026-04-23 N/A
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.
CVE-2006-7025 1 Sangwan Kim 1 Bookmark4u 2026-04-23 N/A
SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter.
CVE-2006-7089 1 Ban 1 Ban 2026-04-23 N/A
SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0196 1 Motionborg 1 Motionborg Web Real Estate 2026-04-23 N/A
SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information.
CVE-2007-0350 1 Sme 1 Filemailer 2026-04-23 N/A
Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346.
CVE-2007-0642 1 Rbl 1 Tforum 2026-04-23 N/A
SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.