Export limit exceeded: 18937 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18937 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10157 | 1 Phpgurukul | 1 Boat Booking System | 2025-04-03 | 7.3 High |
| A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/password-recovery.php of the component Reset Your Password Page. The manipulation of the argument username/mobileno leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2005-4199 | 1 Mybb | 1 Mybb | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. | ||||
| CVE-2005-4232 | 1 Jamit | 1 Jamit Job Board | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying "The vulnerability is without any basis and did not actually work." CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection | ||||
| CVE-2005-4198 | 1 Netref | 1 Netref | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. | ||||
| CVE-2005-4244 | 1 Snipegallery | 1 Snipe Gallery | 2025-04-03 | N/A |
| SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php. | ||||
| CVE-2005-4195 | 2 Internet Scout, Internet Scout Project | 2 Scout Portal Toolkit, Scout Portal Toolkit | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0. | ||||
| CVE-2005-4246 | 1 Plogger | 1 Plogger | 2025-04-03 | N/A |
| SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter. | ||||
| CVE-2005-4711 | 1 Neocrome | 1 Land Down Under | 2025-04-03 | N/A |
| SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-3748 | 1 Tru-zone | 1 Nukeet | 2025-04-03 | N/A |
| SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter. | ||||
| CVE-2005-3744 | 1 Phpcomasy | 1 Phpcomasy | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php. | ||||
| CVE-2005-3686 | 1 Newsboard | 1 Unclassified Newsboard | 2025-04-03 | N/A |
| SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php. | ||||
| CVE-2005-3646 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php. | ||||
| CVE-2005-4382 | 1 Citysoft | 1 Community Enterprise | 2025-04-03 | N/A |
| SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm. | ||||
| CVE-2005-3553 | 1 Phpkit | 1 Phpkit | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable). | ||||
| CVE-2002-2252 | 1 Atthat.com | 1 Thatware | 2025-04-03 | N/A |
| SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter. | ||||
| CVE-2006-4010 | 1 Vwar | 1 Virtual War | 2025-04-03 | N/A |
| SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139. | ||||
| CVE-2006-3960 | 1 X-scripts | 1 X-poll | 2025-04-03 | N/A |
| SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-3904 | 1 Etomite | 1 Etomite | 2025-04-03 | N/A |
| SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2006-3775 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php. | ||||
| CVE-2006-0510 | 1 Daffodil Software | 1 Daffodil Crm | 2025-04-03 | N/A |
| SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action. | ||||