Total
11302 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3119 | 2 Php-fusion, X-iweb.ru | 2 Php-fusion, Download System Msf | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter. | |||||
CVE-2009-4339 | 2 Stephan Vits, Typo3 | 2 Mf Subscription, Typo3 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
CVE-2008-4423 | 1 Ovidentia | 1 Ovidentia | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action. | |||||
CVE-2008-2893 | 1 Ajhyip | 1 Aj Square Aj-hyip | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532. | |||||
CVE-2008-5882 | 2 Avaya, Citrix | 4 Ag250, Broadcast Server, Application Gateway For Avaya and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter. | |||||
CVE-2008-4159 | 1 Zanfi Solutions | 2 Jaw Portal, Zanfi Cms Lite | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter. | |||||
CVE-2008-3393 | 1 Infomining | 1 Bookmine | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter. | |||||
CVE-2009-2269 | 1 Phome Empire | 1 Phome Empire Cms | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/. | |||||
CVE-2008-2135 | 1 Visualshapers | 1 Ezcontents | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php. | |||||
CVE-2009-0604 | 1 Php Director | 1 Php Director | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter. | |||||
CVE-2008-2422 | 1 Webslider | 1 Webslider | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Web Slider 0.6 allows remote attackers to execute arbitrary SQL commands via the slide parameter in a slides action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-0326 | 1 Dark Age Cms | 1 Dark Age Cms | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-1939 | 1 Aspindir | 1 Philboard | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920. | |||||
CVE-2008-4590 | 1 Stash | 1 Stash | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php. | |||||
CVE-2009-0543 | 1 Proftpd | 1 Proftpd | 2023-12-10 | 6.8 MEDIUM | N/A |
ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. | |||||
CVE-2008-4633 | 1 Drupal | 2 Drupal, Node Clone | 2023-12-10 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote." | |||||
CVE-2009-1323 | 1 Webfileexplorer | 1 Web File Explorer | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-2183 | 1 Toocharger | 1 Smartblog | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter. | |||||
CVE-2008-3185 | 1 Vclcomponents | 1 Relative Real Estate Systems | 2023-12-10 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in Relative Real Estate Systems 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action. | |||||
CVE-2008-6866 | 1 Php-nuke | 1 Current Issue Module | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action. |