Search Results (18776 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5123 1 Solidweb 1 Novus 2026-04-23 N/A
SQL injection vulnerability in notas.asp in Novus 1.0 allows remote attackers to execute arbitrary SQL commands via the nota_id parameter.
CVE-2007-4653 1 Phpbb 1 Phpbb 2026-04-23 N/A
SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action.
CVE-2009-3667 1 Adsdx 1 Adsdx 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbitrary SQL commands via the Username.
CVE-2008-3403 1 Mojoscripts 1 Mojopersonals 2026-04-23 N/A
SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-1149 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
CVE-2008-6422 1 Psychostats 1 Psychostats 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php.
CVE-2009-3504 1 Alibabaclone 1 Alibaba Clone 2026-04-23 N/A
SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6038 1 Powie 1 Pforum 2026-04-23 N/A
SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0681 1 Phpshop 1 Phpshop 2026-04-23 N/A
SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.
CVE-2007-6217 1 Irola 1 My-time 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
CVE-2008-0649 1 Adp 1 Astanda Directory Project 2026-04-23 N/A
SQL injection vulnerability in detail.php in Astanda Directory Project (ADP) 1.2 and 1.3 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.
CVE-2008-7120 1 Mrcgiguy 1 Hot Links Sql-php 2026-04-23 N/A
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.
CVE-2008-4647 1 Sweetcms 1 Sweetcms 2026-04-23 N/A
SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2008-3711 1 Phparcadescript 1 Phparcadescript 2026-04-23 N/A
SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action.
CVE-2008-5959 1 Active Web Softwares 1 Active Test 2026-04-23 N/A
Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVE-2008-4492 1 Yourownbux 1 Yourownbux 2026-04-23 N/A
SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie.
CVE-2010-0343 1 Typo3 2 Pb Clanlist, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-5590 1 Kalptaru Infotech 1 Product Sale Framework 2026-04-23 N/A
SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter.
CVE-2009-0458 1 Wholehogsoftware 1 Ware Support 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information.
CVE-2008-3484 1 Estoreaff 1 Estoreaff 2026-04-23 N/A
SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php.