Export limit exceeded: 19624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19624 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1149 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies. | ||||
| CVE-2008-1913 | 1 Lasernet Cms | 1 Lasernet Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action. | ||||
| CVE-2008-2846 | 1 Boatscripts | 1 Boatscripts Classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in BoatScripts Classifieds allows remote attackers to execute arbitrary SQL commands via the type parameter. | ||||
| CVE-2008-5208 | 2 Joomla, Mambo | 3 Com Datsogallery, Joomla, Mambo | 2026-04-23 | N/A |
| SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | ||||
| CVE-2008-6618 | 1 Netlab | 1 Classsystem | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php. | ||||
| CVE-2009-4203 | 1 Arabportal | 1 Arab Portal | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/. | ||||
| CVE-2009-1033 | 1 Deluxebb | 1 Deluxebb | 2026-04-23 | N/A |
| SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503. | ||||
| CVE-2009-4360 | 2 Handcoders, Xoops | 2 Content Module, Xoops | 2026-04-23 | N/A |
| SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2007-1171 | 1 Nukescripts | 1 Nukesentinel | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie. | ||||
| CVE-2007-6217 | 1 Irola | 1 My-time | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6172 | 1 Wire Plastic Design | 1 Wpquiz | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php. | ||||
| CVE-2007-4602 | 1 Implied By Design | 1 Micro Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-3302 | 1 Tuxplanet | 1 Bilboblog | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter. | ||||
| CVE-2008-6007 | 1 Quidascript | 1 Bookmarks Favourites Script | 2026-04-23 | N/A |
| SQL injection vulnerability in view_group.php in QuidaScript BookMarks Favourites Script (APB) allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-0695 | 1 Bookmarkx | 1 Script | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action. | ||||
| CVE-2007-5372 | 2 Dws Systems Inc., Ledgersmb | 2 Sql-ledger, Ledgersmb | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. | ||||
| CVE-2008-2628 | 2 Joomla, Ron Liskey | 2 Joomla, Com Equotes | 2026-04-23 | N/A |
| SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | ||||
| CVE-2008-2629 | 2 Drupal, Lifetype | 2 Drupal, Lifetype | 2026-04-23 | N/A |
| SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php. | ||||
| CVE-2008-6633 | 1 Beaussier | 1 Roomphplanning | 2026-04-23 | N/A |
| SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idresa parameter to resaopen.php. | ||||
| CVE-2009-4163 | 2 Tw Productfinder, Typo3 | 2 Tw Productfinder, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||