Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5922 1 Cfagcms 1 Cfagcms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters.
CVE-2008-5924 1 Asp-dev 1 Xm Events Diary 2026-04-23 N/A
SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5925 1 Asp-dev 1 Xm Events Diary 2026-04-23 N/A
ASP-DEv XM Events Diary stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for diary.mdb.
CVE-2008-5930 1 The Net Guys 1 Aspired2blog 2026-04-23 N/A
SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter.
CVE-2008-5932 1 Codeavalanche 1 Freeforum 2026-04-23 N/A
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-5933 1 Cmsisweb 1 Cms Isweb 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5934 1 Cmsisweb 1 Cms Isweb 2026-04-23 N/A
SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter.
CVE-2008-5935 1 Factosystem 1 Factosystem Weblog 2026-04-23 N/A
Facto stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for database/facto.mdb. NOTE: some of these details are obtained from third party information.
CVE-2008-5941 1 Modxcms 1 Modxcms 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.
CVE-2008-5942 1 Modxcms 1 Modxcms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939.
CVE-2008-5944 1 Navboard 1 Navboard 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter.
CVE-2008-5940 1 Modxcms 1 Modxcms 2026-04-23 N/A
SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5945 1 Nukevietcms 1 Nukeviet 2026-04-23 N/A
Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5948 1 Bncwi 1 Bncwi 2026-04-23 N/A
Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlanguage parameter.
CVE-2008-5949 1 Tiddlywiki 1 Cctiddly 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.
CVE-2008-5953 1 Ktp Computer Customer Database 1 Ktp Computer Customer Database 2026-04-23 N/A
Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to the default URI.
CVE-2008-5960 1 Tribiq 1 Tribiq Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to execute arbitrary SQL commands via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5965 1 Lokicms 1 Lokicms 2026-04-23 N/A
Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter.
CVE-2008-5969 1 Sunbyte 1 E-flower 2026-04-23 N/A
SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5970 1 I-netsolution 1 Orkut Clone 2026-04-23 N/A
SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter.