Search Results (19740 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1864 1 Prozilla 1 Prozilla Freelancers 2026-04-23 N/A
SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter.
CVE-2008-7091 1 Pligg 1 Pligg Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
CVE-2008-1869 1 Site Sift Media 1 Site Sift Listings 2026-04-23 N/A
SQL injection vulnerability in Site Sift Listings allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: this issue might be site-specific.
CVE-2008-1870 1 Geek247 1 Pigmy-sql 2026-04-23 N/A
SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3867 1 Cce-interact 1 Interact 2026-04-23 N/A
SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter.
CVE-2008-5292 1 Videogirls 1 Videogirls Biz 2026-04-23 N/A
SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter.
CVE-2008-5293 1 Bdigital Web Solutions 1 Webstudio Ehotel 2026-04-23 N/A
SQL injection vulnerability in index.php in WebStudio eHotel allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
CVE-2008-5294 1 Bdigital Web Solutions 1 Webstudio Ecatalogue 2026-04-23 N/A
SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
CVE-2008-5295 1 Jamit Software 1 Jamit Job Board 2026-04-23 N/A
SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 allows remote attackers to execute arbitrary SQL commands via the show_emp parameter.
CVE-2009-3059 1 Allpublication 1 Jboard 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.
CVE-2010-0324 2 Patrick Bauerochse, Typo3 2 Ref List, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-3861 1 Phpmyrealty 1 Phpmyrealty 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php.
CVE-2009-4337 2 Simon Rundell, Typo3 2 Pd Calendar Today, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691.
CVE-2008-5586 1 Check Up 1 Check New 2026-04-23 N/A
SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2009-4217 2 Itamar Elharar, Joomla 2 Com Musicgallery, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5588 1 Katywhitton 1 Rankem 2026-04-23 N/A
SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter.
CVE-2008-5589 1 Katywhitton 1 Rankem 2026-04-23 N/A
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVE-2008-5590 1 Kalptaru Infotech 1 Product Sale Framework 2026-04-23 N/A
SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter.
CVE-2008-5131 1 Develop It Easy 1 News And Article System 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).
CVE-2009-4155 1 Eshopbuilder 1 Eshopbuilde Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrary SQL commands via the sitebid parameter to (1) home-f.asp and (2) opinions-f.asp; (3) sitebid, (4) id, (5) secText, (6) client-ip, and (7) G_id parameters to more-f.asp; (8) sitebid, (9) id, (10) ma_id, (11) mi_id, (12) secText, (13) client-ip, and (14) G_id parameters to selectintro.asp; (15) sitebid, (16) secText, (17) adv_code, and (18) client-ip parameters to advcount.asp; (19) sitebid, (20) secText, (21) Grp_Code, (22) _method, and (23) client-ip parameters to advview.asp; and (24) sitebid, (25) secText, (26) newsId, and (27) client-ip parameters to dis_new-f.asp.