Export limit exceeded: 19646 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19646 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3418 | 1 Plume-cms | 1 Plume Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3417 | 2 Idojoomla, Joomla | 2 Com Idoblog, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627. | ||||
| CVE-2009-4618 | 1 Tourismscripts | 1 Bus Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetext_id parameter to (1) aboutus.php and (2) faq.php. | ||||
| CVE-2009-3342 | 2 Alphaplug, Joomla | 2 Com Alphauserpoints, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter. | ||||
| CVE-2008-6189 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php. | ||||
| CVE-2007-6128 | 1 Flor De Utopia | 1 Workingonweb | 2026-04-23 | N/A |
| SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter. | ||||
| CVE-2008-6188 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter. | ||||
| CVE-2008-6187 | 1 Gforge | 1 Gforge | 2026-04-23 | N/A |
| SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter. | ||||
| CVE-2009-3337 | 1 S9y | 1 Serendipity Event Freetag | 2026-04-23 | N/A |
| SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry. | ||||
| CVE-2007-6164 | 1 Eurologon | 1 Eurologon Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php. | ||||
| CVE-2007-5272 | 1 Furkan Tastan Blog | 1 Furkan Tastan Blog | 2026-04-23 | N/A |
| SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allows remote attackers to execute arbitrary SQL commands via the id parameter in a goster kat action. | ||||
| CVE-2007-5189 | 1 X-script | 1 Guestbook | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters. | ||||
| CVE-2007-6366 | 1 Sinecms | 1 Sinecms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators. | ||||
| CVE-2009-3335 | 2 Joomla, Turtus | 2 Joomla\!, Turtushout | 2026-04-23 | N/A |
| SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field. | ||||
| CVE-2009-3334 | 2 Joomla, Lhacky | 2 Joomla\!, Com Jinc | 2026-04-23 | N/A |
| SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php. | ||||
| CVE-2009-3332 | 2 Joomla, Sopinet | 2 Joomla, Com Jbudgetsmagic | 2026-04-23 | N/A |
| SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php. | ||||
| CVE-2007-6318 | 1 Wordpress | 1 Wordpress | 2026-04-23 | N/A |
| SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character. | ||||
| CVE-2007-6373 | 1 Gestdown | 1 Gestdown | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php. | ||||
| CVE-2008-0603 | 3 Amazoop, Joomla, Mambo | 3 Awesom, Com Awesom, Com Awesom | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task. | ||||
| CVE-2008-0606 | 3 Joomla, Mambo, Phil Taylor | 3 Com Shambo2, Com Shambo2, Shambo2 | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter. | ||||