Export limit exceeded: 19840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19840 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2167 1 Egyplus 1 7ammel 2026-04-23 N/A
Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
CVE-2008-4716 1 Scriptdemo 1 Php-lance 2026-04-23 N/A
SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-5187 1 Php-fusion 1 Expanded Calendar Module 2026-04-23 N/A
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter.
CVE-2009-2147 1 Phpwebthings 1 Phpwebthings 2026-04-23 N/A
SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0468 1 Flinx 1 Flinx 2026-04-23 N/A
SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5665 1 Xoops 1 Xoops 2026-04-23 N/A
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVE-2009-2096 1 David Degner 1 Phpcollegeexchange 2026-04-23 N/A
SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter.
CVE-2009-2008 1 Dokeos 1 Dokeos 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.
CVE-2008-4643 1 Mywebland 1 Mystats 2026-04-23 N/A
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
CVE-2008-0491 1 Fgallery Project 1 Fgallery 2026-04-23 N/A
SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter.
CVE-2008-1843 1 W2b 1 Dating Club 2026-04-23 N/A
SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action.
CVE-2008-5654 1 Myiosoft 1 Easycalendar 2026-04-23 N/A
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344. NOTE: some of these details are obtained from third party information.
CVE-2008-5653 1 Myiosoft.com 1 Ajaxportal 2026-04-23 N/A
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-4633 1 Drupal 2 Drupal, Node Clone 2026-04-23 N/A
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."
CVE-2008-5652 1 Myiosoft 1 Easybookmarker 2026-04-23 N/A
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-4717 1 Zeeways 1 Zeelyrics 2026-04-23 N/A
SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
CVE-2008-4732 2 Pressography, Wordpress 2 Wp Comment Remix Plugin, Wordpress 2026-04-23 N/A
SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2008-4628 1 Mywebland 1 Minibloggie 2026-04-23 N/A
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
CVE-2008-4574 1 Aspindir 1 Ayco Okul Portali 2026-04-23 N/A
SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
CVE-2008-0232 1 Zero Cms 1 Zero Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php.