Export limit exceeded: 347479 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18858 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2534 | 1 Phphoo3 | 1 Phphoo3 | 2026-04-23 | 9.8 Critical |
| Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use | ||||
| CVE-2008-5707 | 1 Aspindir | 1 Iltaweb Alisveris Sistemi | 2026-04-23 | N/A |
| SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter. | ||||
| CVE-2008-5874 | 2 Joomla, Joomlahbs | 4 Joomla, Com 5starhotels, Com Allhotels and 1 more | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-4895 | 1 Yourfreeworld | 1 Downline Builder Script | 2026-04-23 | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-6282 | 1 Ortus.nirn | 1 Cms Ortus | 2026-04-23 | N/A |
| SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php. | ||||
| CVE-2009-2395 | 2 Joomla, Joomlaworks | 2 Joomla\!, Com K2 | 2026-04-23 | N/A |
| SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php. | ||||
| CVE-2006-6038 | 1 Powie | 1 Pforum | 2026-04-23 | N/A |
| SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-1661 | 1 Anoldman | 1 Utopic | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php. | ||||
| CVE-2009-3209 | 1 Raizlabs | 1 Php Email Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2008-0451 | 1 Pacercms | 1 Pacercms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/. | ||||
| CVE-2008-0449 | 1 Rocksalt International | 1 Vp Asp | 2026-04-23 | N/A |
| SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2883 | 1 Arabless | 1 Saphplesson | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php. | ||||
| CVE-2007-6014 | 1 Beehive Forum | 1 Beehive Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter. | ||||
| CVE-2008-2679 | 1 Realm Project | 1 Realm Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI. | ||||
| CVE-2008-2394 | 1 Tagworx | 1 Tagworx Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to contact.php and the (2) nid parameter to news.php. | ||||
| CVE-2008-3498 | 2 Joomla, Netshinesoftware | 2 Joomla\!, Com Netinvoice | 2026-04-23 | N/A |
| SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0565 | 1 Deltascripts | 1 Php Links | 2026-04-23 | N/A |
| SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-0739 | 1 Shoppingtree | 1 Candypress Store | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter. | ||||
| CVE-2009-3062 | 1 Phplivesupport. | 1 Phplive\! | 2026-04-23 | N/A |
| SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote attackers to execute arbitrary SQL commands via the deptid parameter. | ||||
| CVE-2008-3554 | 1 Comsenz | 1 Discuz | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action. | ||||