Export limit exceeded: 19556 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19556 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2304 | 1 Myphpsoft | 1 Myphplinks | 2026-04-16 | N/A |
| SQL injection vulnerability in admin/auth/checksession.php in MyPHPLinks 2.1.9 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the idsession parameter. | ||||
| CVE-2002-2305 | 1 Phpsecure.org | 1 Immobilier | 2026-04-16 | N/A |
| SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter. | ||||
| CVE-2005-3877 | 1 Cafuego | 1 Simple Document Management System | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php. | ||||
| CVE-2005-3881 | 1 Altantisfaq | 1 Altantis Knowledge Base Software | 2026-04-16 | N/A |
| SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter. | ||||
| CVE-2002-2391 | 2 Webchat.org, Xoops | 2 Webchat, Xoops | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter. | ||||
| CVE-2005-4711 | 1 Neocrome | 1 Land Down Under | 2026-04-16 | N/A |
| SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2003-1504 | 1 Goldscripts | 1 Goldlink | 2026-04-16 | N/A |
| SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php. | ||||
| CVE-2006-1871 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06. | ||||
| CVE-2003-1340 | 1 Phpnuke | 1 Php-nuke | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279. | ||||
| CVE-2006-3318 | 1 Spiffyjr | 1 Phpraid | 2026-04-16 | N/A |
| SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters. | ||||
| CVE-2005-3952 | 1 Php Labs | 1 Top Auction | 2026-04-16 | N/A |
| SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0. | ||||
| CVE-2005-1487 | 1 Fishnet | 1 Fishcart | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable | ||||
| CVE-2005-3984 | 1 Webcalendar | 1 Webcalendar | 2026-04-16 | N/A |
| SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949. | ||||
| CVE-2006-4064 | 1 Yenerturk | 1 Yenerturk Haber Script | 2026-04-16 | N/A |
| SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported reported that 2.0 is also affected. | ||||
| CVE-2005-4349 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | 6.3 Medium |
| SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450 | ||||
| CVE-2006-0115 | 1 Oneplug Solutions | 1 Oneplug Cms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp. | ||||
| CVE-2006-0403 | 1 E-moblog | 1 E-moblog | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. NOTE: some sources have reported item 1 as involving the "monthly" parameter, but this is incorrect. | ||||
| CVE-2005-3325 | 2 Acid, Secureideas | 2 Analysis Console For Intrusion Databases, Basic Analysis And Security Engine | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters. | ||||
| CVE-2006-0959 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected. | ||||
| CVE-2006-1018 | 1 Dci-designs | 1 Dawaween | 2026-04-16 | N/A |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action. | ||||