Export limit exceeded: 365152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19808 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19808 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2997 1 Salescart 1 Shopping Cart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product.
CVE-2008-6459 1 Typo3 2 Autobeuser, Typo3 2026-04-23 N/A
SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6452 1 Oceandir 1 Oceandir 2026-04-23 N/A
SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-3637 1 Mkportal 1 Mkportal 2026-04-23 N/A
SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
CVE-2007-3273 1 Fusetalk 1 Fusetalk 2026-04-23 N/A
SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1841 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
CVE-2008-1840 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
CVE-2008-6078 1 Limbo Cms 2 Com Privmsg, Limbo Cms 2026-04-23 N/A
SQL injection vulnerability in open.php in the Private Messaging (com_privmsg) component for Limbo CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a pms action to index.php.
CVE-2008-1838 1 Bosdev 1 Bosclassifieds Ads Systems 2026-04-23 N/A
SQL injection vulnerability in BosClassifieds Classified Ads System 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.
CVE-2008-2925 1 Valarsoft 1 Webmatic 2026-04-23 N/A
SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6068 2 Joomla, Web Design Hero 2 Joomla, Joomladate 2026-04-23 N/A
SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php.
CVE-2008-3604 1 Zeescripts 1 Zeebuddy 2026-04-23 N/A
SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
CVE-2008-3603 1 Vacation Rentals 1 Vacation Rental Script 2026-04-23 N/A
SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action.
CVE-2008-2921 1 Eztechhelp Company 1 Ezcms 2026-04-23 N/A
SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2008-3601 1 Quicksilver Forums 1 Quicksilver Forums 2026-04-23 N/A
SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.
CVE-2008-6017 1 I-rater 1 I-rater Basic 2026-04-23 N/A
SQL injection vulnerability in messages.php in I-Rater Basic allows remote attackers to execute arbitrary SQL commands via the idp parameter.
CVE-2008-1954 1 Webcalendar 1 Web Calendar Pro 2026-04-23 N/A
SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2008-6014 1 Rianxosencabos Cms 1 Rianxosencabos Cms 2026-04-23 N/A
SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3563 1 Plogger 1 Plogger 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.
CVE-2008-5998 1 Drupal 2 Ajax Checklist, Drupal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.