Search Results (18773 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6380 1 Activewebsoftwares 1 Active Web Helpdesk 2026-04-23 N/A
SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
CVE-2008-3386 1 Alstrasoft 1 Video Share Enterprise 2026-04-23 N/A
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.
CVE-2009-2389 1 Usolved 1 Newsolved 2026-04-23 N/A
Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter.
CVE-2008-3387 1 Phpfootball 1 Phpfootball 2026-04-23 N/A
SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter.
CVE-2009-2388 1 Shalwan 1 Opial 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6438 2 E107, E107coders 2 E107, Macguru Blog Engine Plugin 2026-04-23 N/A
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
CVE-2008-6443 1 Phpkf 1 Phpkf 2026-04-23 N/A
SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter.
CVE-2009-2383 2 Blogtrafficexchange, Wordpress 2 Related-sites, Wordpress 2026-04-23 N/A
SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter.
CVE-2008-6451 1 Jportal 1 Jportal 2026-04-23 N/A
SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509.
CVE-2009-2366 1 Datachecknh 2 Forumpal, Forumpal Fe 2026-04-23 N/A
SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information.
CVE-2008-6452 1 Oceandir 1 Oceandir 2026-04-23 N/A
SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6454 1 6rbscript 1 6rbscript 2026-04-23 N/A
SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action.
CVE-2008-6456 2 Martin Helmich, Typo3 2 Hbook, Typo3 2026-04-23 N/A
SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2365 1 Datachecknh 1 Gallerypal Fe 2026-04-23 N/A
SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3413 1 Greatclone 1 Auction Platinum 2026-04-23 N/A
SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
CVE-2008-6457 2 Typo3, Walnutstreet 2 Typo3, Cgswigmore 2026-04-23 N/A
SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6458 2 Dieter Mayer, Typo3 2 Fe Address Edit, Typo3 2026-04-23 N/A
SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2361 1 Osticket 1 Osticket 2026-04-23 N/A
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
CVE-2008-3414 1 Siteadmin 1 Cms 2026-04-23 N/A
SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter.
CVE-2008-3416 1 Icebb 1 Icebb 2026-04-23 N/A
SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php.