Search Results (19725 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0939 1 Wordpress 1 Photo Album Plugin 2026-04-23 N/A
Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.
CVE-2008-6146 1 Deluxebb 1 Deluxebb 2026-04-23 N/A
SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989.
CVE-2008-3386 1 Alstrasoft 1 Video Share Enterprise 2026-04-23 N/A
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.
CVE-2008-0937 2 Tinyevent, Xoops 2 Tinyevent, Tiny Event Module 2026-04-23 N/A
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.
CVE-2008-5198 1 Vizzed 1 Acmlmboard 2026-04-23 N/A
SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter.
CVE-2009-3417 2 Idojoomla, Joomla 2 Com Idoblog, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.
CVE-2008-6120 1 Socialengine 1 Socialengine 2026-04-23 N/A
SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter.
CVE-2008-5212 1 Aj Square 1 Aj Auction 2026-04-23 N/A
SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
CVE-2009-3972 2 Joomla, Qproje 2 Joomla\!, Com Siirler 2026-04-23 N/A
SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php.
CVE-2008-6114 2 E107, Mytipper 2 E107, Zogo Shop 2026-04-23 N/A
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.
CVE-2009-3439 1 Alienvault 1 Ossim 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu.
CVE-2009-1751 1 Realtywebware 1 Realty Web-base 2026-04-23 N/A
SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3212 1 Scripteen 1 Free Image Hosting Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting Script 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/login.php, or the (3) uname or (4) pass parameter to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3355 1 Camera Life 1 Camera Life 2026-04-23 N/A
SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
CVE-2009-1764 1 Bokecc 1 Maxcms 2026-04-23 N/A
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action.
CVE-2009-4163 2 Tw Productfinder, Typo3 2 Tw Productfinder, Typo3 2026-04-23 N/A
SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6093 1 Noname-cms 1 Noname Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Noname CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) file_id parameter in a detailansicht action and the (2) kategorie parameter in a kategorien action.
CVE-2009-3436 1 Maxwebportal 1 Maxwebportal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID or (2) CAT_ID parameter. NOTE: this might overlap CVE-2005-1417.
CVE-2009-4155 1 Eshopbuilder 1 Eshopbuilde Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrary SQL commands via the sitebid parameter to (1) home-f.asp and (2) opinions-f.asp; (3) sitebid, (4) id, (5) secText, (6) client-ip, and (7) G_id parameters to more-f.asp; (8) sitebid, (9) id, (10) ma_id, (11) mi_id, (12) secText, (13) client-ip, and (14) G_id parameters to selectintro.asp; (15) sitebid, (16) secText, (17) adv_code, and (18) client-ip parameters to advcount.asp; (19) sitebid, (20) secText, (21) Grp_Code, (22) _method, and (23) client-ip parameters to advview.asp; and (24) sitebid, (25) secText, (26) newsId, and (27) client-ip parameters to dis_new-f.asp.
CVE-2007-6575 1 Brand039 1 Mmslamp 2026-04-23 N/A
SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodotti_dettaglio action.