Export limit exceeded: 19815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3561 1 Powergap 1 Shopsystem 2026-04-23 N/A
SQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter.
CVE-2008-7049 1 Natterchat 1 Natterchat 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206.
CVE-2008-6865 2 Php-nuke, Phpnuke 2 Sections Module, Php-nuke 2026-04-23 N/A
SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action.
CVE-2008-6180 1 Newlife Blogger 1 Newlife Blogger 2026-04-23 N/A
SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie.
CVE-2007-5233 1 Deonixscripts 1 Web Template Management System 2026-04-23 N/A
SQL injection vulnerability in index.php in Web Template Management System 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a readmore action.
CVE-2008-0139 1 Loudblog 1 Loudblog 2026-04-23 N/A
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter.
CVE-2008-4494 1 Torrenttrader 1 Torrenttrader 2026-04-23 N/A
SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0695 1 Free Lan Intra Internet Portal 1 Free Lan Intra Internet Portal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.
CVE-2008-3719 1 Scripts-for-sites 1 Affiliate Directory 2026-04-23 N/A
SQL injection vulnerability in directory.php in SFS Affiliate Directory allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action.
CVE-2008-6985 1 Zen-cart 1 Zen Cart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.
CVE-2008-0842 1 Joomla 1 Com Clasifier 2026-04-23 N/A
SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2007-5991 1 Exo 1 Exophpdesk 2026-04-23 N/A
SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action.
CVE-2008-0253 1 Binn 1 Sbuilder 2026-04-23 N/A
SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter.
CVE-2009-2142 1 Zipstore 1 Zip Store Chat 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters.
CVE-2009-0284 1 Flaxweb 1 Flax Article Manager 2026-04-23 N/A
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-0224 1 Runcms 1 Runcms 2026-04-23 N/A
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.
CVE-2008-7059 1 Aled Owen 1 One-news 2026-04-23 N/A
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.
CVE-2008-2874 1 Softbizscripts 1 Softbiz Jokes And Funny Pics Script 2026-04-23 N/A
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050.
CVE-2009-2311 2 Selbstzweck, Woltlab 2 Rgallery Plugin, Burning Board 2026-04-23 N/A
SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.
CVE-2009-1819 1 2daybiz 1 Custom T-shirt Design Script 2026-04-23 N/A
SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter.