Export limit exceeded: 19668 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19668 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5928 1 Flds-script 1 Flds 2026-04-23 N/A
SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5864 2 Joomla, Joomlahbs 3 Joomla, Com Tophotelmodule, Hotel Booking Reservation System 2026-04-23 N/A
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
CVE-2006-6157 1 Michaelis Freunde 1 Contentnow 2026-04-23 N/A
SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.
CVE-2008-5923 1 Asp-dev 1 Xm Events Diary 2026-04-23 N/A
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter.
CVE-2008-5865 2 Joomla, Joomlahbs 2 Joomla, Hotel Booking Reservation System 2026-04-23 N/A
SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.
CVE-2008-3306 1 Youtube Blog 1 Youtube Blog 2026-04-23 N/A
SQL injection vulnerability in info.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3307 1 Youtube Blog 1 Youtube Blog 2026-04-23 N/A
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306.
CVE-2008-3310 1 Preproject 1 Pre Survey Poll 2026-04-23 N/A
SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2008-5892 1 Icash 1 Click\&email 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information.
CVE-2008-5895 1 Mediatheka 1 Mediatheka 2026-04-23 N/A
SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
CVE-2008-3345 1 Myiosoft 1 Easye-cards 2026-04-23 N/A
SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action.
CVE-2008-3351 1 Atomphotoblog 1 Atomphotoblog 2026-04-23 N/A
SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action.
CVE-2008-3359 1 Owl 1 Intranet Knowledgebase 2026-04-23 N/A
SQL injection vulnerability in register.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3369 1 Viart 1 Viart Shop 2026-04-23 N/A
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2008-3378 1 Fizzmedia Negativekarma 1 Fizzmedia 2026-04-23 N/A
SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2008-2012 1 Postnuke Software Foundation 1 Postschedule 2026-04-23 N/A
SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action.
CVE-2009-0459 1 Wholehogsoftware 1 Password Protect 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information.
CVE-2009-0479 1 Onlinegrades 1 Online Grades 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0808 1 Simple Cmms 1 Simplecmms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-5863 2 V-gn, Woltlab 2 Userlocator, Burning Board 2026-04-23 N/A
SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user action.