Search Results (19725 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4046 1 Frontaccounting 1 Frontaccounting 2026-04-23 N/A
Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/.
CVE-2008-1065 1 Xoops 1 Xm Memberstats 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6586 1 Niclor 1 Niclor 2026-04-23 N/A
SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.
CVE-2008-3767 1 Smartisoft 1 Phpbazar 2026-04-23 N/A
SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
CVE-2007-4456 2 Mambo, Parkview Consultants 2 Mambo, Simplefaq 2026-04-23 N/A
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo.
CVE-2009-3430 1 Allomani 1 Mobile 2026-04-23 N/A
SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
CVE-2008-6366 1 Adserversolutions 1 Affiliate Software Java 2026-04-23 N/A
SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp. NOTE: some of these details are obtained from third party information.
CVE-2008-2203 1 Maianscriptworld 1 Maian Search 2026-04-23 N/A
SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.
CVE-2008-2205 1 Maianscriptworld 1 Maian Music 2026-04-23 N/A
SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action.
CVE-2008-0801 3 Joomla, Mambo-foundation, Paxxgallery 3 Joomla\!, Mambo, Com Paxxgallery 2026-04-23 N/A
SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter.
CVE-2008-2093 3 Joomla, Joomlapolis, Mambo 3 Com Comprofiler, Community Builder, Com Comprofiler 2026-04-23 N/A
SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.
CVE-2008-3594 1 Magicscripts 2 E-store Kit-1, E-store Kit-2 2026-04-23 N/A
SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2009-3358 1 Tourismscripts 1 Adult Portal Escort Listing 2026-04-23 N/A
SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2009-3357 2 Joomla, Joomlahbs 2 Joomla, Com Hbssearch 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.
CVE-2009-3343 1 Hotwebscripts 1 Hotweb Rentals 2026-04-23 N/A
SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.
CVE-2009-3309 1 Cfshopkart 1 Cf Shopkart 2026-04-23 N/A
SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320.
CVE-2008-3582 1 Keld 1 Php-mysql News Script 2026-04-23 N/A
SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-6365 1 Adserversolutions 1 Ad Management Software 2026-04-23 N/A
SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to the uname or pass parameters to logon.jsp or logon_processing.jsp. NOTE: some of these details are obtained from third party information.
CVE-2007-6622 1 Zeuscms 1 Zeuscms 2026-04-23 N/A
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
CVE-2008-5496 1 Pozscripts 1 Business Directory Script 2026-04-23 N/A
SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.