Search Results (19794 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1026 1 Scriptdungeon 1 Xlatunes 2026-04-23 N/A
SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third party information.
CVE-2008-6813 1 Surat Kabar 1 Phpwebnews 2026-04-23 N/A
SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter.
CVE-2008-3867 1 Cce-interact 1 Interact 2026-04-23 N/A
SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter.
CVE-2008-2506 1 Simpel Side 1 Weblosning 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) mainid and (2) id parameters to index2.php.
CVE-2008-4350 1 Vblogix 1 Tutorial Script 2026-04-23 N/A
SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
CVE-2008-4352 1 Phpsmartcom 1 Phpsmartcom 2026-04-23 N/A
SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php.
CVE-2008-4354 1 Net Art Media 1 Iboutique 2026-04-23 N/A
SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.
CVE-2008-2509 1 Excuse Online 1 Excuse Online 2026-04-23 N/A
SQL injection vulnerability in pwd.asp in Excuse Online allows remote attackers to execute arbitrary SQL commands via the pID parameter.
CVE-2008-4355 1 Powie 1 Pforum 2026-04-23 N/A
SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4356 1 Kasseler-cms 1 Kasseler Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module.
CVE-2008-4357 1 Powie 1 Plink 2026-04-23 N/A
SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4561 1 Worms-league 1 Webleague 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2008-4374 1 Cmsbuzz 1 Cms Buzz 2026-04-23 N/A
SQL injection vulnerability in index.php in CMS Buzz allows remote attackers to execute arbitrary SQL commands via the id parameter in a playgame action.
CVE-2009-4560 1 Worms-league 1 Webleague 2026-04-23 N/A
SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter.
CVE-2008-4378 1 Mr. Cgi Guy 1 Hot Links Sql Php 2026-04-23 N/A
SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4379 1 Mr. Cgi Guy 1 Hot Links Sql Php 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2009-3224 2 68classifieds, Classified-software 2 68 Classifieds, Super Mod System 2026-04-23 N/A
SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter.
CVE-2009-3223 1 Inoutscripts 1 Inout Adserver 2026-04-23 N/A
SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2008-3861 1 Phpmyrealty 1 Phpmyrealty 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php.
CVE-2009-3218 1 The-ghost 1 Ar Web Content Manager 2026-04-23 N/A
SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.