Search Results (19704 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3765 1 Discountedscripts 1 Quick Poll Script 2026-04-23 N/A
SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1746 1 Diangemilang 1 Dgnews 2026-04-23 N/A
SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2008-6250 1 Comdev 1 Comdev Web Blogger 2026-04-23 N/A
SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page.
CVE-2008-5337 1 Multimania 2 Bandsite Portal System, Bandwebsite 2026-04-23 N/A
SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6452 1 Oceandir 1 Oceandir 2026-04-23 N/A
SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4058 1 Telebidauctionscript 1 Telebid Auction Script 2026-04-23 N/A
SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to execute arbitrary SQL commands via the aid parameter.
CVE-2009-1799 1 Sebastian-thiele 1 St-gallery 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php.
CVE-2009-1661 1 Anoldman 1 Utopic 2026-04-23 N/A
SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.
CVE-2007-5061 1 Clansphere 1 Clansphere 2026-04-23 N/A
SQL injection vulnerability in mods/banners/navlist.php in Clansphere 2007.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php in a banners action.
CVE-2007-6345 1 Aurora 1 Aurora Framework 2026-04-23 N/A
SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.
CVE-2008-0428 1 Bloofoxcms 1 Bloofoxcms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.
CVE-2008-2132 1 Systementor 1 Postcardmentor 2026-04-23 N/A
SQL injection vulnerability in step1.asp in Systementor PostcardMentor allows remote attackers to execute arbitrary SQL commands via the cat_fldAuto parameter.
CVE-2008-0385 1 Urulu 1 Urulu 2026-04-23 N/A
SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO.
CVE-2009-4437 1 Activewebsoftwares 1 Active Auction House 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.
CVE-2008-3204 1 E-topbiz 1 Million Pixels 2026-04-23 N/A
SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels 3 allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.
CVE-2009-0863 1 Matteoiammarrone 1 S-cms 2026-04-23 N/A
SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1026 1 Kimwebsites 1 Kim Websites 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-0379 1 Joomla 2 Com Pcchess, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
CVE-2008-2114 1 Preprojects 1 Pre Shopping Mall 2026-04-23 N/A
SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2009-4566 1 Zenphoto 1 Zenphoto 2026-04-23 N/A
SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.