Export limit exceeded: 19727 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19727 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4039 | 1 Chaossoft | 1 Gaestechaos | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters. | ||||
| CVE-2005-3646 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php. | ||||
| CVE-2006-3181 | 1 Mobescripts | 1 Mobile Space Community | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter. | ||||
| CVE-2006-0318 | 1 Insane Visions | 1 Blogphp | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | ||||
| CVE-2006-3048 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2005-4500 | 1 Musicbox | 1 Musicbox | 2026-04-16 | N/A |
| SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. NOTE: the provenance of this information is unknown, although it was later rediscovered. | ||||
| CVE-2005-4495 | 1 Spiremedia | 1 Mx7 | 2026-04-16 | N/A |
| SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating "This information is incorrect, unproven, and potentially slanderous." However, CVE and OSVDB have both performed additional research that suggests that this might be path disclosure from invalid SQL syntax | ||||
| CVE-2005-4349 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | 6.3 Medium |
| SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450 | ||||
| CVE-2005-4244 | 1 Snipegallery | 1 Snipe Gallery | 2026-04-16 | N/A |
| SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php. | ||||
| CVE-2006-3064 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-16 | N/A |
| SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. | ||||
| CVE-2006-1018 | 1 Dci-designs | 1 Dawaween | 2026-04-16 | N/A |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action. | ||||
| CVE-2005-4246 | 1 Plogger | 1 Plogger | 2026-04-16 | N/A |
| SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter. | ||||
| CVE-2006-1049 | 1 Joomla | 1 Joomla | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2002-2304 | 1 Myphpsoft | 1 Myphplinks | 2026-04-16 | N/A |
| SQL injection vulnerability in admin/auth/checksession.php in MyPHPLinks 2.1.9 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the idsession parameter. | ||||
| CVE-2002-2305 | 1 Phpsecure.org | 1 Immobilier | 2026-04-16 | N/A |
| SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter. | ||||
| CVE-2006-1360 | 1 Musicbox | 1 Musicbox | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php. | ||||
| CVE-2006-0249 | 1 Bitdamaged | 1 Geoblog | 2026-04-16 | N/A |
| SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable). | ||||
| CVE-2006-1500 | 1 Tilde | 1 Tilde Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-1501 | 1 Oneorzero | 1 Oneorzero | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action. | ||||
| CVE-2003-1530 | 1 Phpbb | 1 Phpbb | 2026-04-16 | N/A |
| SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter. | ||||