Search Results (19646 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6159 1 Tilde 1 Tilde Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.
CVE-2007-6163 1 Gouae 1 Dwd Realty 2026-04-23 N/A
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-6164 1 Eurologon 1 Eurologon Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php.
CVE-2006-6706 1 Soumu 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow 2026-04-23 N/A
SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages.
CVE-2007-6362 1 Joomla 1 Rs Gallery2 2026-04-23 N/A
SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action.
CVE-2006-6912 1 Phpmyfaq 1 Phpmyfaq 2026-04-23 N/A
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.
CVE-2008-4172 1 Rfaah 1 Cars-vehicles Script 2026-04-23 N/A
SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.
CVE-2007-1163 1 Webspell 1 Webspell 2026-04-23 N/A
SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.
CVE-2007-1171 1 Nukescripts 1 Nukesentinel 2026-04-23 N/A
SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
CVE-2006-7025 1 Sangwan Kim 1 Bookmark4u 2026-04-23 N/A
SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter.
CVE-2007-6311 1 Falt4 Cms 1 Falt4 Extreme Rc4 2026-04-23 N/A
SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter.
CVE-2006-7138 1 Oracle 1 Apex 2026-04-23 N/A
SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.
CVE-2006-7170 1 Koan Software 1 Mega Mall 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php.
CVE-2006-7232 3 Canonical, Mysql, Redhat 3 Ubuntu Linux, Mysql, Enterprise Linux 2026-04-23 N/A
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
CVE-2008-2175 1 Gamma Scripts 1 Blogme Php 2026-04-23 N/A
SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PHP 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6240 1 Snitz Communications 1 Snitz Forums 2000 2026-04-23 N/A
SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.
CVE-2008-2177 1 Php Directory Source 1 Phpdirectorysource 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php.
CVE-2007-3063 1 Mealex 1 My Databook 2026-04-23 N/A
SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter.
CVE-2008-0683 1 Wordpress 1 St Newsletter Plugin 2026-04-23 N/A
SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.
CVE-2008-0686 2 Joomla, Mambo 2 Com Neoreferences, Com Neoreferences 2026-04-23 N/A
SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.