Search Results (19728 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1018 1 Dci-designs 1 Dawaween 2026-04-16 N/A
SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action.
CVE-2005-3646 2 Phpadsnew, Phppgads 2 Phpadsnew, Phppgads 2026-04-16 N/A
Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php.
CVE-2006-0269 1 Oracle 1 Oracle10g 2026-04-16 N/A
Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the SET_DIRECTORY_ROOT function in the DBMS_CDC_PUBLISH package.
CVE-2006-0240 1 8pixel.net 1 Simple Blog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts.
CVE-2006-4214 1 Zen Cart 1 Zen Cart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php).
CVE-2002-2252 1 Atthat.com 1 Thatware 2026-04-16 N/A
SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter.
CVE-2005-3325 2 Acid, Secureideas 2 Analysis Console For Intrusion Databases, Basic Analysis And Security Engine 2026-04-16 N/A
Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters.
CVE-2003-0286 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.
CVE-2005-4058 1 Saralblog 1 Saralblog 2026-04-16 N/A
SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php.
CVE-2004-2695 2 Jelsoft, Point-to-point Protocol Project 2 Vbulletin, Point-to-point Protocol 2026-04-16 N/A
SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.
CVE-2006-1751 1 Michiel Van Baak 1 Mvblog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2003-1520 1 Fuzzymonkey 1 Myclassifieds 2026-04-16 N/A
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
CVE-2003-1244 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
CVE-2005-3543 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter.
CVE-2006-1330 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.
CVE-2005-4071 1 Cfmagic 1 Magic Forum Personal 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm.
CVE-2006-2760 1 Warpspeed 1 4nforum 2026-04-16 N/A
SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
CVE-2005-3877 1 Cafuego 1 Simple Document Management System 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php.
CVE-2005-3744 1 Phpcomasy 1 Phpcomasy 2026-04-16 N/A
SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php.
CVE-2006-3688 1 Francisco Charrua 1 Photo-gallery 2026-04-16 N/A
SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.