Export limit exceeded: 361619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19608 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6608 | 1 Developiteasy | 1 Events Calendar | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter (aka user field) to admin/index.php, (2) the user_pass parameter (aka pass field) to admin/index.php, or (3) the id parameter to calendar_details.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6968 | 1 Pligg | 1 Pligg Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. | ||||
| CVE-2009-1650 | 1 Tenfourzero | 1 Shutter | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html. | ||||
| CVE-2009-2036 | 1 Geekbill | 1 Open Biller | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2009-2034 | 1 Ricardo Alexandre De Oliveira Staudt | 1 Yogurt | 2026-04-23 | N/A |
| SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter. | ||||
| CVE-2009-1362 | 1 Chcounter | 1 Chcounter | 2026-04-23 | N/A |
| SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-1913 | 1 Luxbum | 1 Luxbum | 2026-04-23 | N/A |
| SQL injection vulnerability in manager.php in LuxBum 0.5.5, when magic_quotes_gpc is disabled and dotclear authentication is used, allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | ||||
| CVE-2009-1613 | 1 Gowondesigns | 1 Leap | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter. | ||||
| CVE-2009-1910 | 1 Rafal Kucharski | 1 Rtwebalbum | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter. | ||||
| CVE-2008-6985 | 1 Zen-cart | 1 Zen Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart. | ||||
| CVE-2008-6986 | 1 Zen-cart | 1 Zen Cart | 2026-04-23 | N/A |
| SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985. | ||||
| CVE-2009-1909 | 1 Openskip | 1 Skip | 2026-04-23 | N/A |
| SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-6989 | 1 Ezphotogallery | 1 Ezphotogallery | 2026-04-23 | N/A |
| SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2008-6990 | 1 Ezphotogallery | 1 Ezphotogallery | 2026-04-23 | N/A |
| SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-7003 | 1 The-rat-cms | 1 The-rat-cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alpha 2 allow remote attackers to execute arbitrary SQL commands via the (1) user_id and (2) password parameter. | ||||
| CVE-2009-1766 | 1 Teozkr | 1 Lightopencms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-1764 | 1 Bokecc | 1 Maxcms | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action. | ||||
| CVE-2009-1208 | 2 Auth2db, Auth2dbauth2db | 2 Auth2db, 0.1.1 | 2026-04-23 | N/A |
| SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings. | ||||
| CVE-2009-3975 | 1 Moagallery | 1 Moa | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to execute arbitrary SQL commands via the gallery_id parameter in a gallery_view action. | ||||
| CVE-2009-3974 | 1 Invisioncommunity | 1 Invision Power Board | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number. | ||||