Export limit exceeded: 19543 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19543 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3719 | 1 Scripts-for-sites | 1 Affiliate Directory | 2026-04-23 | N/A |
| SQL injection vulnerability in directory.php in SFS Affiliate Directory allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action. | ||||
| CVE-2008-4613 | 1 Portalapp | 1 Portalapp | 2026-04-23 | N/A |
| SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | ||||
| CVE-2009-2598 | 1 Onlinegrades | 1 Online Grades | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php. | ||||
| CVE-2008-6309 | 1 W3matter | 1 Askpert | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3175 | 1 Boldfx | 1 Model Agency Manager Pro | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php. | ||||
| CVE-2009-1033 | 1 Deluxebb | 1 Deluxebb | 2026-04-23 | N/A |
| SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503. | ||||
| CVE-2008-4091 | 1 Source Workshop | 1 Web Directory Script | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. | ||||
| CVE-2008-4073 | 1 Zanfi Solutions | 1 Autodealers Cms Autonline | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action. | ||||
| CVE-2007-5150 | 1 Nukescripts | 1 Nukesentinel | 2026-04-23 | N/A |
| SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125. | ||||
| CVE-2009-4155 | 1 Eshopbuilder | 1 Eshopbuilde Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrary SQL commands via the sitebid parameter to (1) home-f.asp and (2) opinions-f.asp; (3) sitebid, (4) id, (5) secText, (6) client-ip, and (7) G_id parameters to more-f.asp; (8) sitebid, (9) id, (10) ma_id, (11) mi_id, (12) secText, (13) client-ip, and (14) G_id parameters to selectintro.asp; (15) sitebid, (16) secText, (17) adv_code, and (18) client-ip parameters to advcount.asp; (19) sitebid, (20) secText, (21) Grp_Code, (22) _method, and (23) client-ip parameters to advview.asp; and (24) sitebid, (25) secText, (26) newsId, and (27) client-ip parameters to dis_new-f.asp. | ||||
| CVE-2007-4979 | 1 Kwsphp | 1 Kwsphp | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the sondages module in KwsPHP 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a results action, a different module than CVE-2007-4956.2. | ||||
| CVE-2009-4163 | 2 Tw Productfinder, Typo3 | 2 Tw Productfinder, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-4540 | 1 Olate | 1 Olatedownload | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header. | ||||
| CVE-2009-3645 | 2 Joomla, Joomlacache | 2 Joomla\!, Com Cbresumebuilder | 2026-04-23 | N/A |
| SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php. | ||||
| CVE-2008-7083 | 1 Revou | 1 Micro Blogging Twitter Clone | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | ||||
| CVE-2008-3497 | 1 Myphp Cms | 1 Myphp Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | ||||
| CVE-2008-6390 | 1 Ocean12tech | 1 Membership Manager Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3973 | 1 Turnkeyarcade | 1 Turnkey Arcade Script | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629. | ||||
| CVE-2009-2326 | 1 Max Kervin | 1 Kervinet Forum | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leveraged for a cross-site scripting (XSS) attack. | ||||
| CVE-2007-5974 | 1 Jportal | 1 Jportal Web Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. | ||||