Export limit exceeded: 365298 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19812 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19812 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2498 | 1 Mambo-foundation | 1 Mambo | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4328 | 1 Easyrealtorpro | 1 Easyrealtorpro | 2026-04-23 | N/A |
| SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters. | ||||
| CVE-2008-6778 | 1 Scripts-for-sites | 1 Ez Auction | 2026-04-23 | N/A |
| SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) EZ Auction allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2008-4335 | 1 Atomic Photo Album | 1 Atomic Photo Album | 2026-04-23 | N/A |
| SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter. | ||||
| CVE-2008-6783 | 1 Scripts-for-sites | 1 Ez Home Business Directory | 2026-04-23 | N/A |
| SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | ||||
| CVE-2009-4221 | 1 Smartisoft | 1 Phpbazar | 2026-04-23 | N/A |
| SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767. | ||||
| CVE-2008-6813 | 1 Surat Kabar | 1 Phpwebnews | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter. | ||||
| CVE-2009-4218 | 1 Jiros | 1 Jbsx | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4208 | 1 Open-school | 1 Open-school | 2026-04-23 | N/A |
| SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php. | ||||
| CVE-2008-2506 | 1 Simpel Side | 1 Weblosning | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) mainid and (2) id parameters to index2.php. | ||||
| CVE-2008-4350 | 1 Vblogix | 1 Tutorial Script | 2026-04-23 | N/A |
| SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | ||||
| CVE-2008-4352 | 1 Phpsmartcom | 1 Phpsmartcom | 2026-04-23 | N/A |
| SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php. | ||||
| CVE-2008-4354 | 1 Net Art Media | 1 Iboutique | 2026-04-23 | N/A |
| SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. | ||||
| CVE-2008-2509 | 1 Excuse Online | 1 Excuse Online | 2026-04-23 | N/A |
| SQL injection vulnerability in pwd.asp in Excuse Online allows remote attackers to execute arbitrary SQL commands via the pID parameter. | ||||
| CVE-2008-4355 | 1 Powie | 1 Pforum | 2026-04-23 | N/A |
| SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-4356 | 1 Kasseler-cms | 1 Kasseler Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module. | ||||
| CVE-2008-4374 | 1 Cmsbuzz | 1 Cms Buzz | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in CMS Buzz allows remote attackers to execute arbitrary SQL commands via the id parameter in a playgame action. | ||||
| CVE-2008-5590 | 1 Kalptaru Infotech | 1 Product Sale Framework | 2026-04-23 | N/A |
| SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter. | ||||
| CVE-2008-4378 | 1 Mr. Cgi Guy | 1 Hot Links Sql Php | 2026-04-23 | N/A |
| SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-4379 | 1 Mr. Cgi Guy | 1 Hot Links Sql Php | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||