Search Results (19631 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0138 1 Xoops 1 Xoopsgallery Module 2026-04-23 N/A
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.
CVE-2007-6080 1 Bcoos 1 Bcoos 2026-04-23 N/A
SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.
CVE-2008-0137 1 Snetworks 1 Php Classifieds 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.
CVE-2007-1469 1 Xigla 1 Absolute Image Gallery Xe 2026-04-23 N/A
SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.
CVE-2008-3302 1 Tuxplanet 1 Bilboblog 2026-04-23 N/A
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
CVE-2008-6086 1 Camera Life 1 Camera Life 2026-04-23 N/A
SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3355.
CVE-2008-6077 1 Loudblog 1 Loudblog 2026-04-23 N/A
SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a and earlier allows remote authenticated users to execute arbitrary SQL commands via the colpick parameter in a singleread action.
CVE-2008-1911 1 1024 Cms 1 1024 Cms 2026-04-23 N/A
SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie.
CVE-2008-1907 1 Cpcommerce 1 Cpcommerce 2026-04-23 N/A
Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and CVE-2007-2890.
CVE-2008-4777 2 Joomla, Mambo 3 Com Lms, Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
CVE-2008-6153 1 Jayeshp 1 Pixel8 Web Photo Album 2026-04-23 N/A
SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.
CVE-2008-6154 1 Hispah 1 Text Links Ads 2026-04-23 N/A
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.
CVE-2009-0825 1 Torben Sorensen 1 Tinx\/cms 2026-04-23 N/A
SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6155 1 Hispah 1 Text Links Ads 2026-04-23 N/A
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6156 1 Formfields 1 Adman 2026-04-23 N/A
SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter.
CVE-2008-2013 1 Pnflashgames 1 Pnflashgames 2026-04-23 N/A
SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action.
CVE-2008-2189 1 Anserv 1 Auction Xl 2026-04-23 N/A
SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-6471 1 Mountaingrafix 1 Easylink 2026-04-23 N/A
SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action.
CVE-2009-0593 1 Plxwebdev 1 Plx Auto Reminder 2026-04-23 N/A
SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action.
CVE-2009-0597 1 W3b Cms 1 Aka W3blabor Cms 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.