Search Results (19774 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0773 3 Joomla, Mambo, Phil Taylor 4 Com Comments, Com Comments, Comments and 1 more 2026-04-23 N/A
SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2907 1 Webchamado 1 Webchamado 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in WebChamado 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the eml parameter.
CVE-2007-6551 1 Mailmachinepro 1 Mailmachine Pro 2026-04-23 N/A
SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4602 1 Implied By Design 1 Micro Cms 2026-04-23 N/A
SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-4837 1 Proxy Anket 1 Proxy Anket 2026-04-23 N/A
SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-5485 1 Kwsphp 1 Kwsphp 2026-04-23 N/A
SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter.
CVE-2003-1573 1 Sun 1 J2ee 2026-04-23 N/A
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
CVE-2010-0340 1 Typo3 2 Mjseventpro, Typo3 2026-04-23 N/A
SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-0326 1 Dark Age Cms 1 Dark Age Cms 2026-04-23 N/A
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6805 1 Micgr 1 Mic Blog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php.
CVE-2008-6803 1 Yigit Aybuga 1 Dizi Portali 2026-04-23 N/A
SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2535 1 Fkrauthan 1 Phoenix View Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/.
CVE-2007-5452 1 Php-stats 1 Php-stats 2026-04-23 N/A
Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter.
CVE-2007-4881 1 Psi-labs 1 Social Networking Script Psisns 2026-04-23 N/A
SQL injection vulnerability in profile/myprofile.php in psi-labs.com social networking script (psisns), probably 1.0, allows remote attackers to execute arbitrary SQL commands via the u parameter.
CVE-2008-6389 1 Aliensoftcorp 1 Rae Media Contact Management 2026-04-23 N/A
SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3361 1 Paul Gibbs 1 Php-ipnmonitor 2026-04-23 N/A
SQL injection vulnerability in index.php in PHP-IPNMonitor allows remote attackers to execute arbitrary SQL commands via the maincat_id parameter.
CVE-2009-3326 1 Cmscontrol 1 Cmscontrol 2026-04-23 N/A
SQL injection vulnerability in index.php in CMScontrol Content Management System 7.x allows remote attackers to execute arbitrary SQL commands via the id_menu parameter.
CVE-2007-1897 1 Wordpress 1 Wordpress 2026-04-23 N/A
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
CVE-2009-3336 1 Phpprobid 1 Php Pro Bid 2026-04-23 N/A
SQL injection vulnerability in auction_details.php in PHP Pro Bid allows remote attackers to execute arbitrary SQL commands via the auction_id parameter.
CVE-2009-3193 2 Joomla, Uwix 2 Joomla, Com Digifolio 2026-04-23 N/A
SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.