Export limit exceeded: 366574 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19841 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19841 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5226 3 Joomla, Mambads, Mambo 3 Joomla, Mambads, Mambo 2026-04-23 N/A
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.
CVE-2008-5223 1 Airvae 1 Commerce 2026-04-23 N/A
SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2009-4155 1 Eshopbuilder 1 Eshopbuilde Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrary SQL commands via the sitebid parameter to (1) home-f.asp and (2) opinions-f.asp; (3) sitebid, (4) id, (5) secText, (6) client-ip, and (7) G_id parameters to more-f.asp; (8) sitebid, (9) id, (10) ma_id, (11) mi_id, (12) secText, (13) client-ip, and (14) G_id parameters to selectintro.asp; (15) sitebid, (16) secText, (17) adv_code, and (18) client-ip parameters to advcount.asp; (19) sitebid, (20) secText, (21) Grp_Code, (22) _method, and (23) client-ip parameters to advview.asp; and (24) sitebid, (25) secText, (26) newsId, and (27) client-ip parameters to dis_new-f.asp.
CVE-2007-6538 2 Moodle, Mrbs 2 Moodle, Mrbs 2026-04-23 N/A
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6402 1 Mystats 1 Mystats 2026-04-23 N/A
SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter.
CVE-2008-7038 2 Maxdev, Phpnuke 2 My Egallery, Php-nuke 2026-04-23 N/A
SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
CVE-2006-5221 1 Cahier De Textes 1 Cahier De Textes 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php.
CVE-2006-5242 1 Etomite 1 Etomite 2026-04-23 N/A
SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-0327 1 Fascript 1 Famp3 2026-04-23 N/A
SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-5957 1 Infinicart 1 Infinicart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor has disputed this report, saying "The vulnerabilities mentioned were never present in our official released products but only in the unofficial demo version. However we do appreciate the information. We have update our demo version and made sure all those vulnerabilities are fixed.
CVE-2006-6038 1 Powie 1 Pforum 2026-04-23 N/A
SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6048 1 Etomite 1 Etomite 2026-04-23 N/A
SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6073 1 Enthrallweb 1 Eshopping Cart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp.
CVE-2006-6094 1 Dotnetindex 1 Active News Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp.
CVE-2006-6095 1 Dotnetindex 1 Active News Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094.
CVE-2006-6109 1 Candypress 1 Candypress Store 2026-04-23 N/A
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp.
CVE-2006-6157 1 Michaelis Freunde 1 Contentnow 2026-04-23 N/A
SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.
CVE-2006-6747 1 Dreaxteam 1 Xt-news 2026-04-23 N/A
SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter.
CVE-2006-6848 1 Aspticker 1 Aspticker 2026-04-23 N/A
SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter.
CVE-2006-6880 1 Php-update 1 Php-update 2026-04-23 N/A
Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.