Export limit exceeded: 19727 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19727 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6649 | 1 Ktools | 1 Photostore | 2026-04-23 | N/A |
| SQL injection vulnerability in manager/image_details_editor.php in Ktools PhotoStore 2.5, 2.9.8, 3.1.0, and other versions through 3.5.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-6517 | 1 Nick Jenkin | 1 Newshowler | 2026-04-23 | N/A |
| SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote attackers to execute arbitrary SQL commands via the news_user cookie parameter. | ||||
| CVE-2008-6789 | 1 Minddezign | 1 Photo Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788. | ||||
| CVE-2007-0789 | 1 Mambo | 1 Mambo | 2026-04-23 | N/A |
| SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter. | ||||
| CVE-2007-0794 | 1 Globalmegacorp | 1 Dvddb | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions | ||||
| CVE-2007-2997 | 1 Salescart | 1 Shopping Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product. | ||||
| CVE-2008-6647 | 1 Ktools | 1 Photostore | 2026-04-23 | N/A |
| SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote attackers to execute arbitrary SQL commands via the gid parameter. | ||||
| CVE-2008-6633 | 1 Beaussier | 1 Roomphplanning | 2026-04-23 | N/A |
| SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idresa parameter to resaopen.php. | ||||
| CVE-2008-6043 | 1 Phpprobid | 1 Php Pro Bid | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6040 | 1 Agares Media | 1 Arcadem Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Arcadem Pro 2.700 through 2.802 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, probably related to includes/articleblock.php. | ||||
| CVE-2008-6626 | 1 Webbdomain | 1 Quiz | 2026-04-23 | N/A |
| SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2009-1453 | 1 Anoochit Chalothorn | 1 Tiny Blogr | 2026-04-23 | N/A |
| SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the txtUsername parameter (aka the Username field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6747 | 1 Dreaxteam | 1 Xt-news | 2026-04-23 | N/A |
| SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter. | ||||
| CVE-2006-6848 | 1 Aspticker | 1 Aspticker | 2026-04-23 | N/A |
| SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter. | ||||
| CVE-2008-6625 | 1 Webbdomain | 1 Polls | 2026-04-23 | N/A |
| SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2007-4491 | 1 Gurur Haber | 1 Gurur Haber | 2026-04-23 | N/A |
| SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-0527 | 1 Website Baker | 1 Website Baker | 2026-04-23 | N/A |
| SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6469 | 1 Plaincart | 1 Plaincart | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter. | ||||
| CVE-2008-6741 | 1 Simple Machines | 1 Simple Machines Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php. | ||||
| CVE-2008-5273 | 1 Toddwoolums | 1 Todd Woolums Asp News Management | 2026-04-23 | N/A |
| SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter. | ||||