Export limit exceeded: 47282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19778 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19778 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7025 1 Sangwan Kim 1 Bookmark4u 2026-04-23 N/A
SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter.
CVE-2007-6311 1 Falt4 Cms 1 Falt4 Extreme Rc4 2026-04-23 N/A
SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter.
CVE-2009-3342 2 Alphaplug, Joomla 2 Com Alphauserpoints, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter.
CVE-2008-6189 1 Gforge 1 Gforge 2026-04-23 N/A
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.
CVE-2008-6188 1 Gforge 1 Gforge 2026-04-23 N/A
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.
CVE-2008-6187 1 Gforge 1 Gforge 2026-04-23 N/A
SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter.
CVE-2009-3337 1 S9y 1 Serendipity Event Freetag 2026-04-23 N/A
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.
CVE-2009-3335 2 Joomla, Turtus 2 Joomla\!, Turtushout 2026-04-23 N/A
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.
CVE-2009-3334 2 Joomla, Lhacky 2 Joomla\!, Com Jinc 2026-04-23 N/A
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.
CVE-2009-3332 2 Joomla, Sopinet 2 Joomla, Com Jbudgetsmagic 2026-04-23 N/A
SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.
CVE-2009-3330 1 Cpecreator 1 Cp Creator 2026-04-23 N/A
SQL injection vulnerability in index.php in cP Creator 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tickets parameter in a support ticket action.
CVE-2006-7138 1 Oracle 1 Apex 2026-04-23 N/A
SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.
CVE-2008-1623 1 Lotus Web Studios Inc 1 Smoothflash 2026-04-23 N/A
SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2006-7170 1 Koan Software 1 Mega Mall 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php.
CVE-2006-7232 3 Canonical, Mysql, Redhat 3 Ubuntu Linux, Mysql, Enterprise Linux 2026-04-23 N/A
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
CVE-2009-3327 1 Webilix 1 Wx-guestbook 2026-04-23 N/A
Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information.
CVE-2009-3325 2 Focusdev, Joomla 2 Com Surveymanager, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.
CVE-2009-3321 1 Saphplesson 1 Saphplesson 2026-04-23 N/A
SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header.
CVE-2007-1962 1 Xoops 2 Wf-snippets, Xoops 2026-04-23 N/A
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.
CVE-2009-3319 1 Dimofinf 1 Dawaween 2026-04-23 N/A
SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018.