Export limit exceeded: 341151 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18393 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4778 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-4777. | ||||
| CVE-2007-6666 | 1 Zenphoto | 1 Zenphoto | 2025-04-09 | N/A |
| SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter. | ||||
| CVE-2008-0719 | 1 Oscommerce | 2 Customer Testimonials, Oscommerce | 2025-04-09 | N/A |
| SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter. | ||||
| CVE-2007-4804 | 1 Auracms | 1 Auracms | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances. | ||||
| CVE-2007-4808 | 1 Tlm Cms | 1 Tlm Cms | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php. NOTE: it was later reported that goodies.php and affichage.php scripts are reachable through index.php, and 1.1 is also affected. NOTE: it was later reported that the goodies.php vector also affects 3.1. | ||||
| CVE-2007-4956 | 1 Kwsphp | 1 Kwsphp | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module. | ||||
| CVE-2007-6575 | 1 Brand039 | 1 Mmslamp | 2025-04-09 | N/A |
| SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodotti_dettaglio action. | ||||
| CVE-2009-3061 | 1 Alqa6ari | 1 Script Q R | 2025-04-09 | N/A |
| SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-3933 | 1 Quickestore | 1 Quickestore | 2025-04-09 | N/A |
| SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053. | ||||
| CVE-2008-1608 | 1 Clever Copy | 1 Clever Copy | 2025-04-09 | N/A |
| SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583. | ||||
| CVE-2008-1591 | 1 Postnuke | 1 Postnuke | 2025-04-09 | N/A |
| The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable). | ||||
| CVE-2009-0851 | 1 Stewart Howe | 1 Celerbb | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php. | ||||
| CVE-2008-1404 | 1 Exv2 | 1 Exv2 | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter. | ||||
| CVE-2008-6257 | 1 Openasp | 1 Openasp | 2025-04-09 | N/A |
| SQL injection vulnerability in default.asp in Openasp 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idpage parameter in the pages module. | ||||
| CVE-2008-0855 | 2 Joomla, Mambo | 2 Com Facileforms, Com Facileforms | 2025-04-09 | N/A |
| SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | ||||
| CVE-2009-0738 | 1 Frankmancuso | 1 Auth Php | 2025-04-09 | N/A |
| SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | ||||
| CVE-2007-5511 | 1 Oracle | 1 Database Server | 2025-04-09 | N/A |
| SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain. | ||||
| CVE-2007-6602 | 1 Noserub | 1 Noserub | 2025-04-09 | N/A |
| SQL injection vulnerability in app/models/identity.php in NoseRub 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username field to the login script. | ||||
| CVE-2009-4386 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2025-04-09 | N/A |
| SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors. | ||||
| CVE-2008-6781 | 1 Scripts-for-sites | 1 Ez Gaming Directory | 2025-04-09 | N/A |
| SQL injection vulnerability in directory.php in Sites for Scripts (SFS) Gaming Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | ||||