Export limit exceeded: 19646 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19646 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5950 | 1 Aspapps | 1 Template Creature | 2026-04-23 | N/A |
| SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter. | ||||
| CVE-2008-5952 | 1 Ktp Computer Customer Database | 1 Ktp Computer Customer Database | 2026-04-23 | N/A |
| SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI. | ||||
| CVE-2008-5954 | 1 Ktp Computer Customer Database | 1 Ktp Computer Customer Database | 2026-04-23 | N/A |
| SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-2000 | 1 Raphael Limbach | 1 Crea-book | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter. | ||||
| CVE-2007-2898 | 1 2z Project | 1 2z Project | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php. | ||||
| CVE-2009-2310 | 1 Bow Der Kleine | 1 X-blc | 2026-04-23 | N/A |
| SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. | ||||
| CVE-2009-2307 | 1 Maxdev | 2 Cwguestbook, Md-pro | 2026-04-23 | N/A |
| SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php. | ||||
| CVE-2008-4760 | 1 Graphiks | 1 Myforum | 2026-04-23 | N/A |
| SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-5491 | 1 Slimcms | 1 Slimcms | 2026-04-23 | N/A |
| SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter. | ||||
| CVE-2009-2269 | 1 Phome Empire | 1 Phome Empire Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/. | ||||
| CVE-2009-2254 | 1 Zen-cart | 1 Zen Cart | 2026-04-23 | N/A |
| Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue. | ||||
| CVE-2008-5629 | 1 Turnkeyarcade | 1 Turnkey Arcade Script | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action. | ||||
| CVE-2009-2243 | 1 Aaronoutpost | 1 Asp Inline Corporate Calendar | 2026-04-23 | N/A |
| SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2236 | 1 Yourarticlesdirectory | 1 Your Articles Directory | 2026-04-23 | N/A |
| SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2235 | 1 Yourarticlesdirectory | 1 Your Articles Directory | 2026-04-23 | N/A |
| SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-2234 | 1 Vicidial | 1 Call Center Suite | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW). | ||||
| CVE-2009-2232 | 1 Softbizscripts | 1 Banner Ad Management Script | 2026-04-23 | N/A |
| SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2209 | 1 Rs-cms | 1 Rs-cms | 2026-04-23 | N/A |
| SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter. | ||||
| CVE-2009-2915 | 1 2fly | 1 Gift Delivery System | 2026-04-23 | N/A |
| SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action. | ||||
| CVE-2009-3081 | 1 Uiga | 1 Church Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the month parameter in a calendar action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||