Export limit exceeded: 19728 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19728 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3497 1 Phphandicapper 1 Php Handicapper 2026-04-16 N/A
SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter. NOTE: on 20060210, the vendor disputed this issue, saying "this is 100% false reporting, this is a slander campaign from a customer who had a vulnerability in his SERVER not the software." However, followup investigation strongly suggests that the original report is correct
CVE-2005-4071 1 Cfmagic 1 Magic Forum Personal 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm.
CVE-2006-0602 1 Hinton Design 1 Phphg Guestbook 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6) admin/edit_filter.php.
CVE-2006-0510 1 Daffodil Software 1 Daffodil Crm 2026-04-16 N/A
SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action.
CVE-2006-0692 1 Carey Briggs 1 Php Mysql Timesheet 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php.
CVE-2005-1017 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp.
CVE-2005-3877 1 Cafuego 1 Simple Document Management System 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php.
CVE-2005-4382 1 Citysoft 1 Community Enterprise 2026-04-16 N/A
SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm.
CVE-2006-4734 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
CVE-2006-2977 1 Mafia Moblog 1 Mafia Moblog 2026-04-16 N/A
SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter.
CVE-2003-1520 1 Fuzzymonkey 1 Myclassifieds 2026-04-16 N/A
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
CVE-2005-0413 1 Myphp Forum 1 Myphp Forum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.
CVE-2003-1244 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
CVE-2003-1340 1 Phpnuke 1 Php-nuke 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
CVE-2002-2252 1 Atthat.com 1 Thatware 2026-04-16 N/A
SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter.
CVE-2006-0403 1 E-moblog 1 E-moblog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. NOTE: some sources have reported item 1 as involving the "monthly" parameter, but this is incorrect.
CVE-2006-0412 1 Gencbeyin Web Programlama 1 Cybershop 2026-04-16 N/A
SQL injection vulnerability in CyberShop allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.
CVE-2004-2695 2 Jelsoft, Point-to-point Protocol Project 2 Vbulletin, Point-to-point Protocol 2026-04-16 N/A
SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.
CVE-2006-1330 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.
CVE-2004-2751 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.