Export limit exceeded: 19841 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19841 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0651 1 Pedro Santana Codice 1 Cms 2026-04-23 N/A
SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4430 1 Virtuemart 1 Virtuemart 2026-04-23 N/A
SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action.
CVE-2008-0737 1 Shoppingtree 1 Candypress Store 2026-04-23 N/A
SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter.
CVE-2009-3582 1 Sql-ledger 1 Sql-ledger 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation.
CVE-2008-4496 1 Select Development Solutions 1 Php Realtor 2026-04-23 N/A
SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.
CVE-2007-2571 1 Xoops 1 Wfquotes Module 2026-04-23 N/A
SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.
CVE-2009-2734 1 Achievo 1 Achievo 2026-04-23 N/A
SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.
CVE-2008-6029 1 Buzzywall 1 Buzzywall 2026-04-23 N/A
SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2008-5306 1 Pilot Group 1 Pg Real Estate Solution 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information.
CVE-2007-3399 1 Phpee 1 Power Phlogger 2026-04-23 N/A
SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php.
CVE-2008-1407 1 Exv2 1 Exv2 2026-04-23 N/A
SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
CVE-2008-6911 1 Brewblogger 1 Brewblogger 2026-04-23 N/A
SQL injection vulnerability in the authenticateUser function in includes/authentication.inc.php in BrewBlogger (BB) 2.1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginUsername parameter to includes/logincheck.inc.php. NOTE: some of these details are obtained from third party information.
CVE-2007-5016 1 Insane Visions 1 Onecms 2026-04-23 N/A
SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows remote attackers to execute arbitrary SQL commands via the abc parameter.
CVE-2009-2098 1 Micheal Glazer 1 Phportal 2026-04-23 N/A
SQL injection vulnerability in topicler.php in phPortal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4396 2 Fr.simon Rundell, Typo3 2 Pd Resources, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-5223 1 Airvae 1 Commerce 2026-04-23 N/A
SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2009-2099 2 Ijoomla, Joomla 2 Com Rssfeeder, Joomla 2026-04-23 N/A
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.
CVE-2008-4375 1 Availscript 1 Availscript Classmate Script 2026-04-23 N/A
SQL injection vulnerability in viewprofile.php in Availscript Classmate Script allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2008-6111 1 Netart Media 1 Vlog System 2026-04-23 N/A
SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter.
CVE-2008-6851 1 Php Link Directory 1 Php Link Directory 2026-04-23 N/A
SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter.