Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-0443 1 Tinybb 1 Tinybb 2025-04-11 N/A
SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4955 1 Php-programs 1 Apboard Developers Apboard 2025-04-11 N/A
SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078.
CVE-2010-4849 1 Alibabaclone 1 Alibaba Clone B2b 2025-04-11 N/A
SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
CVE-2009-4669 1 Beaussier 1 Roomphplanning 2025-04-11 N/A
Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/userform.php.
CVE-2009-4967 2 Jochen Rieger, Typo3 2 Car, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4985 1 Websitesrus 1 Accessories Me Php Affiliate Script 2025-04-11 N/A
SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter.
CVE-2011-4026 1 Xia Zuojie 1 Nexusphp 2025-04-11 N/A
SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-7247 2 Joomla, Mambo-foundation 3 Com Weblinks, Joomla\!, Mambo 2025-04-11 N/A
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2010-4641 1 Xwiki 1 Xwiki 2025-04-11 N/A
SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4638 2 Iptechinside, Joomla 2 Com Jquarks4s, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.
CVE-2010-4633 1 Sumeffect 1 Digishop 2025-04-11 N/A
SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1.
CVE-2010-4632 1 Pilotcart 1 Pilot Cart 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.
CVE-2011-2688 3 Apache, Debian, Mod Authnz External Project 3 Http Server, Debian Linux, Mod Authnz External 2025-04-11 N/A
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
CVE-2010-5008 1 Denaliintranet 1 Brightsuite Groupware 2025-04-11 N/A
SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter.
CVE-2011-5110 1 John Geo 1 Blogs Manager 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/.
CVE-2013-7225 1 Fatfreecrm 1 Fat Free Crm 2025-04-11 N/A
Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature.
CVE-2013-4386 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2025-04-11 N/A
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.
CVE-2012-1116 1 Joomla 1 Joomla\! 2025-04-11 N/A
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-2317 1 Wmsdesign 1 Wmscms 2025-04-11 N/A
Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp.
CVE-2010-0372 2 Hong Chuyen, Joomla 2 Com Articlemanager, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.