Search Results (19727 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5678 1 Phpbasic 1 Phpbasic 2026-04-23 N/A
SQL injection vulnerability in the Music module in phpBasic allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to the default URI.
CVE-2007-5630 1 Bbsprocess 1 Bbportals 2026-04-23 N/A
SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS 1.5.10 through 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a tnews action.
CVE-2009-1282 1 Glfusion 1 Glfusion 2026-04-23 N/A
SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.
CVE-2008-4904 1 Typosphere 1 Typo 2026-04-23 N/A
SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter.
CVE-2008-5070 1 Pro Chat Rooms 1 Pro Chat Rooms 2026-04-23 N/A
SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the gud parameter to (1) profiles/index.php and (2) profiles/admin.php.
CVE-2008-6485 1 Softcomplex 1 Php Image Gallery 2026-04-23 N/A
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter.
CVE-2007-4966 1 Gforge 1 Gforge 2026-04-23 N/A
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.
CVE-2008-1613 1 Reddot 1 Cms 2026-04-23 N/A
SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter.
CVE-2007-5679 1 Deeemm 1 Dmcms 2026-04-23 N/A
SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in the media page (build_media_content.php). NOTE: it was later reported that 0.7.4 is also affected.
CVE-2009-0740 1 Frankmancuso 1 Bluebird 2026-04-23 N/A
SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
CVE-2008-6451 1 Jportal 1 Jportal 2026-04-23 N/A
SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509.
CVE-2009-1404 1 Pastel 1 Pastelcms 2026-04-23 N/A
SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter.
CVE-2006-7089 1 Ban 1 Ban 2026-04-23 N/A
SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2065 1 Yourfreeworld 1 Jokes Site Script 2026-04-23 N/A
SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter.
CVE-2009-3419 1 Intesync 1 Miniweb 2026-04-23 N/A
SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter.
CVE-2009-0703 1 Aspthai.net 1 Aspthai.net Webboard 2026-04-23 N/A
SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0863 1 Matteoiammarrone 1 S-cms 2026-04-23 N/A
SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4394 2 Fr.simon Rundell, Typo3 2 Ste Prayer2, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-3439 1 Alienvault 1 Ossim 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu.
CVE-2008-4092 1 Myphpnuke 1 Myphpnuke 2026-04-23 N/A
SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter.