Search Results (19812 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5978 1 Xoops 1 Mylinks Module 2026-04-23 N/A
SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVE-2007-6266 1 Bcoos 1 Bcoos 2026-04-23 N/A
Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3) modules/mylinks/ratelink.php, different vectors than CVE-2007-5104.
CVE-2007-6269 1 Xigla 1 Absolute News Manager.net 2026-04-23 N/A
Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.
CVE-2007-6393 1 Ace Image Hosting Script 1 Ace Image Hosting Script 2026-04-23 N/A
SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.
CVE-2007-6299 1 Drupal 1 Drupal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules.
CVE-2007-6158 1 Proverbs 1 Proverbs Web Calendar 2026-04-23 N/A
Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.
CVE-2007-6159 1 Tilde 1 Tilde Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.
CVE-2006-6706 1 Soumu 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow 2026-04-23 N/A
SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages.
CVE-2008-1714 1 Fascript 1 Faphoto 2026-04-23 N/A
SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1715 1 Auracms 1 Auracms 2026-04-23 N/A
SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.
CVE-2007-6462 1 Php Real Estate Classifieds 1 Php Real Estate Classifieds Premium Plus 2026-04-23 N/A
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6467 1 Mkportal 1 Mkportal 2026-04-23 N/A
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
CVE-2007-4095 1 Bsm Store 1 Dependent Forums 2026-04-23 N/A
SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp.
CVE-2008-0746 2 Joomla, Mambo 2 Com Gallery, Com Gallery 2026-04-23 N/A
SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2007-6466 1 Freewebshop 1 Freewebshop 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.
CVE-2008-0089 1 Clip-share 1 Clipshare 2026-04-23 N/A
SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter.
CVE-2007-6472 1 Phpmyrealty 1 Phpmyrealty 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information.
CVE-2007-6484 1 Phprpg 1 Phprpg 2026-04-23 N/A
SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0752 2 Joomla, Mambo 2 Com Neogallery, Com Neogallery 2026-04-23 N/A
SQL injection vulnerability in index.php in the Neogallery (com_neogallery) 1.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show action.
CVE-2008-0142 1 Webportal 1 Webportal Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors.