Export limit exceeded: 19648 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19648 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0835 1 Simple Cms 1 Simple Cms 2026-04-23 N/A
SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter.
CVE-2008-7077 1 Relative 1 Sailplanner 2026-04-23 N/A
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
CVE-2008-3783 1 Matterdaddy 1 Matterdaddy Market 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters.
CVE-2009-2591 2 E-xoopport, Runcms 2 E-xoopport, Myannonces 2026-04-23 N/A
SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewannonces action to index.php.
CVE-2008-7153 1 Docebo 1 Docebo 2026-04-23 N/A
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.
CVE-2009-2603 1 E-supportportal 1 Escon Supportportal Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) tid parameters.
CVE-2009-2604 1 Zenhelpdesk 1 Zen Help Desk 2026-04-23 N/A
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.
CVE-2009-2605 1 Traidnt 1 Traidnt Up 2026-04-23 N/A
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
CVE-2008-2451 1 Inmedias 1 Statistics 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Statistics (aka ke_stats) extension 0.1.2 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2607 2 Joomla, Pinme 2 Joomla, Com Pinboard 2026-04-23 N/A
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.
CVE-2009-2608 1 Chatelao 1 Php Address Book 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
CVE-2008-3867 1 Cce-interact 1 Interact 2026-04-23 N/A
SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter.
CVE-2009-3165 1 Mozilla 1 Bugzilla 2026-04-23 N/A
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2009-2640 1 Interlogy 1 Profile Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action.
CVE-2008-3952 1 Editeurscripts Esfaq 1 2.0 2026-04-23 N/A
SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.
CVE-2008-0853 2 Joomla, Mambo 2 Com Detail, Com Detail 2026-04-23 N/A
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE.
CVE-2008-1841 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
CVE-2008-2901 1 Haudenschilt 1 Family Connections Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execute arbitrary SQL commands via the (1) address parameter to addressbook.php, the (2) getnews parameter to familynews.php, and the (3) poll_id parameter to home.php in a results action.
CVE-2009-4499 1 Zabbix 1 Zabbix 2026-04-23 N/A
SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.
CVE-2008-2501 1 Henning Stoverud 1 Phphotoalbum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.