Search Results (19761 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1654 1 Instantrankingseo 1 Infocus Real Estate 2025-04-11 N/A
Multiple SQL injection vulnerabilities in system_member_login.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the (1) username (aka login) and (2) password parameters. NOTE: some of these details are obtained from third party information.
CVE-2010-1656 1 Airiny 1 Com Abc 2025-04-11 N/A
SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sectionid parameter in an abc action to index.php.
CVE-2010-3458 1 Getsymphony 1 Symphony 2025-04-11 N/A
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
CVE-2010-1702 1 Whmcs 1 Whmcs 2025-04-11 N/A
SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.
CVE-2010-1704 1 2daybiz 1 Polls Script 2025-04-11 N/A
Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information.
CVE-2010-1705 1 Rocky.nu 1 Modelbook 2025-04-11 N/A
SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter.
CVE-2010-1706 1 2daybiz 1 Auction Script 2025-04-11 N/A
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-1733 1 Ocsinventory-ng 1 Ocs Inventory Ng 2025-04-11 N/A
Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-1739 1 Joomla 2 Com Newsfeeds, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.
CVE-2010-1740 1 Freeguppy 1 Guppy 2025-04-11 N/A
SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter.
CVE-2010-4363 1 Mrcgiguy 1 Freeticket 2025-04-11 N/A
Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) email parameters in a showtickets action.
CVE-2010-1857 1 Realitymedias 1 Repairshop2 2025-04-11 N/A
SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a products.details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-1865 1 Csphere 1 Clansphere 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).
CVE-2009-4680 1 Phpdirectorysource 1 Phpdirectorysource 2025-04-11 N/A
SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVE-2009-4667 1 Phpmember 1 Webmember 2025-04-11 N/A
SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter.
CVE-2010-1994 1 Tomatocms 1 Tomatocms 2025-04-11 N/A
SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO.
CVE-2010-2016 1 Imagetraders 1 Iceberg Cms 2025-04-11 N/A
SQL injection vulnerability in details.php in Iceberg CMS allows remote attackers to execute arbitrary SQL commands via the p_id parameter.
CVE-2010-3922 1 Sixapart 1 Movabletype 2025-04-11 N/A
SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-2124 1 Bartels-schoene 1 Conpresso 2025-04-11 N/A
SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4.0.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-2133 1 Mylittleforum 1 My Little Forum 2025-04-11 N/A
SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942.