Export limit exceeded: 19840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19840 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0256 1 Matteo Binda 1 Asp Photo Gallery 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.
CVE-2008-3419 1 Greatclone 1 Youtuber Clone 2026-04-23 N/A
SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter.
CVE-2007-3539 1 Qt-cute 2 Quicktalk Forum, Quickticket 2026-04-23 N/A
Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. NOTE: it was later reported that vector 5 also affects 1.4, 1.5, and 1.5.0.3.
CVE-2008-2562 1 Powerphlogger 1 Powerphlogger 2026-04-23 N/A
SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.
CVE-2008-2568 1 Joomla 2 Com Simpleshop, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
CVE-2008-0920 1 Open Source Security Information Management 1 Os-sim 2026-04-23 N/A
SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression.
CVE-2008-2673 1 Powie 1 Pnews 2026-04-23 N/A
SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
CVE-2009-3154 2 Almondsoft, Joomla 2 Com Aclassf, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.
CVE-2009-3217 1 Wiccle 1 Iwiccle 2026-04-23 N/A
SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php.
CVE-2009-3175 1 Boldfx 1 Model Agency Manager Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php.
CVE-2009-3184 1 Grapari 1 E-gold Game Series Pirates Of The Caribbean 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in Pirates of The Caribbean in the E-Gold Game Series allow remote attackers to execute arbitrary SQL commands via the (1) x and (2) y parameters.
CVE-2008-4890 1 1st News 1 4 Professional 2026-04-23 N/A
SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3255 1 Thomas Cuchta 1 Rash 2026-04-23 N/A
SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI.
CVE-2008-4142 1 Ephpscripts 1 E-php Cms 2026-04-23 N/A
SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
CVE-2008-4145 1 Addalink 1 Addalink 2026-04-23 N/A
SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2009-3316 2 Jforjoomla, Joomla 2 Com Jreservation, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
CVE-2008-3445 1 Phpmyrealty 1 Phpmyrealty 2026-04-23 N/A
SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.
CVE-2008-5890 1 Injader 1 Injader 2026-04-23 N/A
SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2670 1 Insanelysimple2 1 Isblog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. NOTE: the current_subsection parameter is already covered by CVE-2007-3889.
CVE-2008-6696 2 Manu Oehler, Typo3 2 Toto, Typo3 2026-04-23 N/A
SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.