Search Results (19662 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5654 1 Myiosoft 1 Easycalendar 2026-04-23 N/A
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344. NOTE: some of these details are obtained from third party information.
CVE-2008-4643 1 Mywebland 1 Mystats 2026-04-23 N/A
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
CVE-2009-2008 1 Dokeos 1 Dokeos 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.
CVE-2009-1480 1 Pragyan Cms Project 1 Pragyan Cms 2026-04-23 N/A
SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors.
CVE-2008-0841 2 Joomla, Mambo 2 Com Ricette Component, Com Ricette Component 2026-04-23 N/A
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4701 1 Liberiacms 1 Liberia Cms 2026-04-23 N/A
SQL injection vulnerability in admin.php in Libera CMS 1.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_user cookie parameter, a different vector than CVE-2008-4700. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2209 1 Rs-cms 1 Rs-cms 2026-04-23 N/A
SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2008-5208 2 Joomla, Mambo 3 Com Datsogallery, Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
CVE-2008-4665 1 Datingpro 1 Matchmaking 2026-04-23 N/A
SQL injection vulnerability in PG Matchmaking allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) news_read.php and (2) gifts_show.php.
CVE-2009-1505 1 Drupal 2 Drupal, News Page 2026-04-23 N/A
SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.
CVE-2009-1506 1 Intelliants 1 Elitius 2026-04-23 N/A
SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php.
CVE-2008-0301 1 Mapbender 1 Mapbender 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.
CVE-2009-1548 1 Qsix 1 Blusky Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action.
CVE-2009-2096 1 David Degner 1 Phpcollegeexchange 2026-04-23 N/A
SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter.
CVE-2008-5665 1 Xoops 1 Xoops 2026-04-23 N/A
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVE-2009-2097 1 Zokisoft 1 Zoki Catalog 2026-04-23 N/A
SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-2099 2 Ijoomla, Joomla 2 Com Rssfeeder, Joomla 2026-04-23 N/A
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.
CVE-2008-4675 1 Phpcounter 1 Phpcounter 2026-04-23 N/A
SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
CVE-2009-2113 1 Fretsweb Project 1 Fretsweb 2026-04-23 N/A
Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.
CVE-2009-2122 2 Paolo Palmonari, Wordpress 2 Photoracer Plugin For Wordpress, Wordpress 2026-04-23 N/A
SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.