Search Results (19707 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2340 1 News Manager 1 News Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
CVE-2008-2337 1 Imgallery 1 Imgallery 2026-04-23 N/A
Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php in, different vectors than CVE-2006-3163.
CVE-2008-3123 1 Mole Group 1 Real Estate Script 2026-04-23 N/A
SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.
CVE-2009-4256 1 Truesolution 1 Alefmentor 2026-04-23 N/A
Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information.
CVE-2009-1509 1 Myiosoft 1 Ajaxportal 2026-04-23 N/A
SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2008-2301 1 Phpway 1 Kostenloses Linkmanagementscript 2026-04-23 N/A
SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) top_view.php.
CVE-2009-2545 1 Anelectron 1 Advanced Electron Forum 2026-04-23 N/A
SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3945 1 Source Workshop 1 Words Tag Script 2026-04-23 N/A
SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action.
CVE-2008-4617 3 Joomla, Mambo-foundation, Pyxicom 3 Joomla, Mambo, Actualite 2026-04-23 N/A
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1094 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-23 N/A
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.
CVE-2009-2105 1 Kasper Skrhj 1 References Database 2026-04-23 N/A
SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-0301 1 Mapbender 1 Mapbender 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.
CVE-2009-0409 1 Mzbservices 1 Max.blog 2026-04-23 N/A
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-2124 1 Fipsasp 1 Fipscms 2026-04-23 N/A
SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter.
CVE-2008-0561 3 Arthur Konze Webdesign, Joomla, Mambo 3 Akogallery, Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2009-0111 1 Goople Cms 1 Goople Cms 2026-04-23 N/A
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-2384 3 Apache, Joey Schulze, Redhat 3 Http Server, Mod Auth Mysql, Enterprise Linux 2026-04-23 N/A
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
CVE-2009-4229 1 Activewebsoftwares 1 Active Bids 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2) the catid parameter to default.asp. NOTE: this might overlap CVE-2009-0429.3. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3512 1 Php Nuke 1 Kleinanzeigen Module 2026-04-23 N/A
SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php.
CVE-2009-0121 1 Goople Cms 1 Goople Cms 2026-04-23 N/A
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.