Export limit exceeded: 362717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19645 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0704 1 Webmastersite 1 Wsn Guest 2026-04-23 N/A
SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action.
CVE-2009-2310 1 Bow Der Kleine 1 X-blc 2026-04-23 N/A
SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
CVE-2009-0702 2 Joomla, Phoca 2 Joomla, Com Phocadocumentation 2026-04-23 N/A
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.
CVE-2008-6086 1 Camera Life 1 Camera Life 2026-04-23 N/A
SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3355.
CVE-2009-3438 2 Joomla, Witchakorn Kamolpornwijit 2 Joomla, Com Facebook 2026-04-23 N/A
SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php.
CVE-2009-3308 1 Fanupdate 1 Fanupdate 2026-04-23 N/A
SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
CVE-2008-4178 1 Downline Goldmine 2 Builder, New Addon 2026-04-23 N/A
SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-5061 1 Clansphere 1 Clansphere 2026-04-23 N/A
SQL injection vulnerability in mods/banners/navlist.php in Clansphere 2007.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php in a banners action.
CVE-2008-4177 1 Preprojects 1 Pre Real Estate Listings 2026-04-23 N/A
SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter.
CVE-2008-4171 1 Invision Power Services 1 Invision Power Board 2026-04-23 N/A
SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.
CVE-2008-4161 1 Assetman 1 Assetman 2026-04-23 N/A
SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action.
CVE-2008-4150 1 Dieselscripts 1 Diesel Joke Site 2026-04-23 N/A
SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763.
CVE-2009-2886 1 Phpscriptsnow 1 President Bios 2026-04-23 N/A
SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter.
CVE-2008-4143 1 Razorecommerce 1 Shopping Cart 2026-04-23 N/A
SQL injection vulnerability in category_search.php in RazorCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0597 1 W3b Cms 1 Aka W3blabor Cms 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.
CVE-2009-0593 1 Plxwebdev 1 Plx Auto Reminder 2026-04-23 N/A
SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action.
CVE-2009-3337 1 S9y 1 Serendipity Event Freetag 2026-04-23 N/A
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.
CVE-2009-0531 1 Ontarioabandonedplaces 1 A Better Member-based Asp Photo Gallery 2026-04-23 N/A
SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter.
CVE-2009-3533 1 John Beranek 1 Meeting Room Booking System 2026-04-23 N/A
SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-0479 1 Onlinegrades 1 Online Grades 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.