Search Results (19689 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4623 2 Joomla, Martin Diphoorn 2 Joomla, Com Ds-syndicate 2026-04-23 N/A
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
CVE-2008-1957 1 Easyscripts 1 Tr Script News 2026-04-23 N/A
SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.
CVE-2007-6143 1 Vu 1 Case Manager 2026-04-23 N/A
SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2008-0831 1 Joomla 1 Rapid Recipe 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754.
CVE-2008-1297 3 Ewriting, Joomla, Mambo 3 Ewriting, Com Ewriting, Com Ewriting 2026-04-23 N/A
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
CVE-2008-0833 1 Joomla 1 Com Galeria 2026-04-23 N/A
SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2006-6095 1 Dotnetindex 1 Active News Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094.
CVE-2007-5233 1 Deonixscripts 1 Web Template Management System 2026-04-23 N/A
SQL injection vulnerability in index.php in Web Template Management System 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a readmore action.
CVE-2008-1936 1 Classifieds Caffe 1 Classifieds Caffe 2026-04-23 N/A
SQL injection vulnerability in index.php in Classifieds Caffe allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an add action. NOTE: this issue might be site-specific.
CVE-2008-1750 1 Livecart 1 Livecart 2026-04-23 N/A
SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI.
CVE-2008-4177 1 Preprojects 1 Pre Real Estate Listings 2026-04-23 N/A
SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter.
CVE-2008-1791 1 Mygamingladder 1 Mygamingladder 2026-04-23 N/A
SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter.
CVE-2008-2893 1 Ajhyip 1 Aj Square Aj-hyip 2026-04-23 N/A
SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532.
CVE-2007-2997 1 Salescart 1 Shopping Cart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product.
CVE-2009-1852 1 Graphiks 1 Myforum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
CVE-2008-4433 2 Rmsoft, Xoops 2 Minishop Module, Xoops 2026-04-23 N/A
SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow remote attackers to execute arbitrary SQL commands via the itemsxpag parameter.
CVE-2007-6466 1 Freewebshop 1 Freewebshop 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.
CVE-2008-0795 3 Joomla, Mambo, Mgfi 3 Joomla, Mambo, Xfaq 2026-04-23 N/A
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
CVE-2008-5952 1 Ktp Computer Customer Database 1 Ktp Computer Customer Database 2026-04-23 N/A
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI.
CVE-2009-0493 1 Martin Unzner 1 It\!cms 2026-04-23 N/A
SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username.