Search Results (19663 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1573 1 Jelsoft 1 Vbulletin 2026-04-23 N/A
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.
CVE-2007-4804 1 Auracms 1 Auracms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.
CVE-2008-0737 1 Shoppingtree 1 Candypress Store 2026-04-23 N/A
SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter.
CVE-2008-0750 1 Husrev 1 Blackboard 2026-04-23 N/A
SQL injection vulnerability in philboard_forum.asp in Husrev BlackBoard 2.0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2008-0771 1 Site2nite 1 Real Estate Web 2026-04-23 N/A
Multiple SQL injection vulnerabilities in default.asp in Site2Nite allow remote attackers to execute arbitrary SQL commands via the (1) txtUserName and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-0829 1 Andrew Freed 1 Quotebook 2026-04-23 N/A
Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0831 1 Php-fusion 2 Members Cv Module, Php-fusion 2026-04-23 N/A
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.
CVE-2009-0863 1 Matteoiammarrone 1 S-cms 2026-04-23 N/A
SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6095 1 Dotnetindex 1 Active News Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094.
CVE-2008-6810 1 Bookingcentre 1 Booking System For Hotels Group 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-1661 1 Anoldman 1 Utopic 2026-04-23 N/A
SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.
CVE-2009-1662 1 Recipescript 1 Recipe Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php.
CVE-2009-4540 1 Bpowerhouse 1 Mini Cms 2026-04-23 N/A
SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0422 1 Boastmachine 1 Boastmachine 2026-04-23 N/A
SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1272 1 Bmscripts 1 Bm Classifieds 2026-04-23 N/A
Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php.
CVE-2008-2063 1 Joovili 1 Joovili 2026-04-23 N/A
SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2009-1282 1 Glfusion 1 Glfusion 2026-04-23 N/A
SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.
CVE-2007-5177 2 Mambads, Mambo 2 Mambads, Mambo 2026-04-23 N/A
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.
CVE-2008-2629 2 Drupal, Lifetype 2 Drupal, Lifetype 2026-04-23 N/A
SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.
CVE-2008-2643 1 Joomla 1 Com Biblestudy 2026-04-23 N/A
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.