Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1298 | 2 Kyantonius, Php-nuke | 2 Hadith Module, Hadith Module | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php. | |||||
CVE-2020-29147 | 1 Wayang-cms Project | 1 Wayang-cms | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information. | |||||
CVE-2011-0443 | 1 Tinybb | 1 Tinybb | 2024-02-14 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2017-15378 | 1 Softwarepublico | 1 E-sic | 2024-02-14 | 6.5 MEDIUM | 8.8 HIGH |
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI). | |||||
CVE-2018-16432 | 1 Bluecms Project | 1 Bluecms | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. | |||||
CVE-2010-0762 | 1 Commodityrentals | 1 Cd Rental Software | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action. | |||||
CVE-2016-1000115 | 1 Huge-it | 1 Portfolio Gallery Manager | 2024-02-14 | 6.5 MEDIUM | 7.2 HIGH |
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||||
CVE-2011-5091 | 1 Grboard | 1 Grboard | 2024-02-14 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6.5 Community Edition allow remote attackers to execute arbitrary SQL commands via the (1) tableType or (2) blindTarget parameter to view.php, (3) the delTargets[0] parameter to view_memo.php, or (4) the isReported parameter to write_ok.php. | |||||
CVE-2009-3418 | 1 Plume-cms | 1 Plume Cms | 2024-02-14 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-5168 | 1 Bananadance | 1 Banana Dance | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2006-6109 | 1 Candypress | 1 Candypress Store | 2024-02-14 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp. | |||||
CVE-2009-0284 | 1 Flaxweb | 1 Flax Article Manager | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
CVE-2018-20477 | 1 S-cms | 1 S-cms | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field. | |||||
CVE-2011-5022 | 1 Pligg | 1 Pligg Cms | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter. | |||||
CVE-2009-1066 | 1 Getpixie | 1 Pixie Cms | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request. | |||||
CVE-2007-0789 | 1 Mambo | 1 Mambo | 2024-02-14 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter. | |||||
CVE-2010-0946 | 2 Joomla, Kiss-software | 2 Joomla!, Com Ksadvertiser | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php. | |||||
CVE-2017-15379 | 1 Softwarepublico | 1 E-sic | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password. | |||||
CVE-2007-5222 | 1 Maxdev | 1 Mdpro | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header. | |||||
CVE-2007-1302 | 1 Li-scripts | 1 Li-guestbook | 2024-02-14 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected. | |||||