Search Results (19737 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-2501 1 Henning Stoverud 1 Phphotoalbum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
CVE-2009-2789 2 Joomla, Permis 2 Joomla, Com Groups 2026-04-23 N/A
SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2504 1 Simpel Side 1 Netbutik 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php.
CVE-2008-7153 1 Docebo 1 Docebo 2026-04-23 N/A
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.
CVE-2008-1430 1 Iatek 1 Aspapp 2026-04-23 N/A
SQL injection vulnerability in links.asp in ASPapp allows remote attackers to execute arbitrary SQL commands via the CatId parameter.
CVE-2008-2510 1 Wordpress 1 Upload File Plugin 2026-04-23 N/A
SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter.
CVE-2009-2781 1 Arabportal 1 Arab Portal 2026-04-23 N/A
SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666.
CVE-2008-2521 1 Yabsoft 1 Mega File Hosting Script 2026-04-23 N/A
SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter.
CVE-2008-2522 1 Haudenschilt 1 Battlenet Clan Script 2026-04-23 N/A
SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action.
CVE-2009-4341 2 Mischa Heissmann, Typo3 2 No Indexed Search, Typo3 2026-04-23 N/A
SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2008-2523 1 Raknet 1 Autopatcher Server 2026-04-23 N/A
SQL injection vulnerability in the Autopatcher server plugin in RakNet before 3.23 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-2530 1 Quickupcms 1 Quickupcms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to (d) frontend/events2.php, and the (4) ser parameter to (e) frontend/fotos2.php.
CVE-2008-2536 1 Yabsoft 1 Advanced Image Hosting Script 2026-04-23 N/A
SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter.
CVE-2009-2638 2 Joomla, Konze 2 Joomla, Com Akobook 2026-04-23 N/A
SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.
CVE-2009-2326 1 Max Kervin 1 Kervinet Forum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leveraged for a cross-site scripting (XSS) attack.
CVE-2008-2555 1 Easyway 1 Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2008-2560 1 Fourtwosevenbb 1 427bb 2026-04-23 N/A
SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter.
CVE-2008-2562 1 Powerphlogger 1 Powerphlogger 2026-04-23 N/A
SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.
CVE-2008-6596 1 Phpcredo 1 Phcdownload 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1584 1 R020 1 Tematres 2026-04-23 N/A
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.