Export limit exceeded: 19356 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19356 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6787 | 1 Jeremy Powers | 1 Lizardware Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in administrator/index.php in Lizardware CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user. | ||||
| CVE-2008-6572 | 1 Abledating | 1 Abledating | 2026-04-23 | N/A |
| SQL injection vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | ||||
| CVE-2008-5998 | 1 Drupal | 2 Ajax Checklist, Drupal | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters. | ||||
| CVE-2009-3443 | 2 Fastballproductions, Joomla | 2 Com Fastball, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php. | ||||
| CVE-2008-0461 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-2770 | 1 Mycrocms | 1 Mycrocms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter. | ||||
| CVE-2009-3212 | 1 Dimofinf | 1 Infinity Script | 2026-04-23 | N/A |
| SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field. | ||||
| CVE-2008-0601 | 1 All Club Cms | 1 All Club Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. | ||||
| CVE-2008-2521 | 1 Yabsoft | 1 Mega File Hosting Script | 2026-04-23 | N/A |
| SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter. | ||||
| CVE-2008-2384 | 3 Apache, Joey Schulze, Redhat | 3 Http Server, Mod Auth Mysql, Enterprise Linux | 2026-04-23 | N/A |
| SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request. | ||||
| CVE-2008-2416 | 1 Fichive | 1 Fichive | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter in a Fiction action, possibly related to sources/fiction.class.php. | ||||
| CVE-2009-3335 | 2 Joomla, Turtus | 2 Joomla\!, Turtushout | 2026-04-23 | N/A |
| SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field. | ||||
| CVE-2008-6789 | 1 Minddezign | 1 Photo Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788. | ||||
| CVE-2008-6020 | 1 Drupal | 2 Drupal, Views | 2026-04-23 | N/A |
| SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields." | ||||
| CVE-2009-4256 | 1 Truesolution | 1 Alefmentor | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4604 | 1 Dinkumsoft.com | 1 Dl Paycart | 2026-04-23 | N/A |
| SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | ||||
| CVE-2008-6784 | 1 Scripts-for-sites | 1 Ez Adult Directory | 2026-04-23 | N/A |
| SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | ||||
| CVE-2008-6596 | 1 Phpcredo | 1 Phcdownload | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1646 | 2 Arnos Toolbox, Wordpress | 2 Wp-download, Wp Download | 2026-04-23 | N/A |
| SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter. | ||||
| CVE-2008-6851 | 1 Php Link Directory | 1 Php Link Directory | 2026-04-23 | N/A |
| SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter. | ||||