Export limit exceeded: 366302 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366302 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19830 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5811 1 Joomla 2 Com Paxgallery, Joomla 2026-04-23 N/A
SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.
CVE-2009-1813 1 Submitterscript 1 Submitterscript 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field).
CVE-2008-5838 1 Ephpscripts 1 E-shop Shopping Cart 2026-04-23 N/A
SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart) Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-5851 1 Mypbs 1 Mypbs 2026-04-23 N/A
SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to execute arbitrary SQL commands via the seasonID parameter.
CVE-2009-0808 1 Simple Cmms 1 Simplecmms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-1812 1 Collector 1 Mygesuad 2026-04-23 N/A
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php.
CVE-2009-3965 1 Maniacomputer 1 New5starrating 2026-04-23 N/A
SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter.
CVE-2009-3964 2 Joomla, Ninjaforge 2 Joomla\!, Com Ninjamonials 2026-04-23 N/A
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
CVE-2009-1065 1 Getpixie 1 Pixie Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5874 2 Joomla, Joomlahbs 4 Joomla, Com 5starhotels, Com Allhotels and 1 more 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information.
CVE-2008-5875 2 Joomla, Joomlahbs 3 Joomla, Com Lowcosthotels, Hotel Booking Reservation System 2026-04-23 N/A
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
CVE-2008-5877 1 Phpclanwebsite 1 Phpclanwebsite 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444.
CVE-2009-4350 1 Boldfx 1 Arctic Issue Tracker 2026-04-23 N/A
SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 allows remote attackers to execute arbitrary SQL commands via the (1) matchings[id] or (2) matchings[title] parameters in a Login action to an unspecified program, or (3) the matchings[id] parameter in a search action to index.php, a different vector than CVE-2008-3250. NOTE: some of these details are obtained from third party information.
CVE-2009-4351 1 Wscreator 1 Wscreator 2026-04-23 N/A
SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter.
CVE-2009-3913 1 Xerox 1 Fiery Webtools 2026-04-23 N/A
SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter.
CVE-2009-3813 1 Runcms 1 Runcms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions.php.
CVE-2009-3806 1 Dedecms 1 Dedecms 2026-04-23 N/A
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter.
CVE-2009-3801 1 Opendocman 1 Opendocman 2026-04-23 N/A
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3788 1 Opendocman 1 Opendocman 2026-04-23 N/A
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.
CVE-2009-4390 2 Jochen Rieger, Typo3 2 Car, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.