Search Results (19728 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0199 1 Mini-nuke 1 Cms System 2026-04-16 N/A
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
CVE-2006-3318 1 Spiffyjr 1 Phpraid 2026-04-16 N/A
SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.
CVE-2005-4478 1 Papoo 1 Papoo 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the (2) forumid and (3) reporeid_print parameters to (c) print.php.
CVE-2003-1458 1 Ttcms 2 Ttcms, Ttforum 2026-04-16 N/A
SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.
CVE-2005-3046 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field.
CVE-2003-1530 1 Phpbb 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
CVE-2004-1339 1 Oracle 2 Database Server, Oracle9i 2026-04-16 N/A
SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.
CVE-2006-4010 1 Vwar 1 Virtual War 2026-04-16 N/A
SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139.
CVE-2004-0366 1 Pam-pgsql 1 Pam-pgsql 2026-04-16 N/A
SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements.
CVE-2003-1533 1 Phppass 1 Phppass 2026-04-16 N/A
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.
CVE-2005-4606 1 Webwiz 4 Database Login, Journal, Site News and 1 more 2026-04-16 N/A
SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter.
CVE-2005-4380 1 Bitweaver 1 Bitweaver 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php.
CVE-2005-4232 1 Jamit 1 Jamit Job Board 2026-04-16 N/A
SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying "The vulnerability is without any basis and did not actually work." CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection
CVE-2006-3048 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2005-4198 1 Netref 1 Netref 2026-04-16 N/A
SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources.
CVE-2006-3181 1 Mobescripts 1 Mobile Space Community 2026-04-16 N/A
SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter.
CVE-2006-4039 1 Chaossoft 1 Gaestechaos 2026-04-16 N/A
Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters.
CVE-2005-2035 1 Cool Cafe Chat 1 Cool Cafe Chat 2026-04-16 N/A
SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password.
CVE-2005-3553 1 Phpkit 1 Phpkit 2026-04-16 N/A
Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable).
CVE-2005-4027 1 Simplemedia 1 Simplebbs 2026-04-16 N/A
SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters.