Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6134 | 1 Phpkit | 1 Phpkit | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773. | |||||
CVE-2008-3189 | 1 Dreamlevels | 1 Dreamnews Manager | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-5648 | 1 Deltascripts | 1 Php Shop | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/login.php in DeltaScripts PHP Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the admin_username parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-0458 | 1 Wholehogsoftware | 1 Ware Support | 2017-10-19 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5838 | 1 Ephpscripts | 1 E-shop Shopping Cart | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart) Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
CVE-2009-0428 | 1 Dmxready | 1 Secure Document Library | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Secure Document Library 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
CVE-2008-6246 | 1 Scripts-for-sites | 1 Ez Webring | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in category.php in Scripts For Sites (SFS) EZ Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
CVE-2009-0333 | 1 Joomla | 2 Com Waticketsystem, Joomla | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. | |||||
CVE-2008-2697 | 2 Joomla, Rapid-source | 2 Com Rapidrecipe, Rapid Recipe | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php. | |||||
CVE-2007-6137 | 1 P3mbo | 1 Content Injector | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5058 | 1 Preproject | 1 Pre Simple Cms | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-6150 | 1 Sepcity | 1 Classified Ads | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in classdis.asp in SepCity Classified Ads allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
CVE-2008-5365 | 1 Activewebsoftwares | 1 Activevotes | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter. | |||||
CVE-2006-3904 | 1 Etomite | 1 Etomite | 2017-10-19 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2006-6038 | 1 Powie | 1 Pforum | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-0196 | 1 Motionborg | 1 Motionborg Web Real Estate | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information. | |||||
CVE-2006-0961 | 1 Cilem | 1 Cilem Haber | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name. | |||||
CVE-2006-6848 | 1 Aspticker | 1 Aspticker | 2017-10-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter. | |||||
CVE-2006-6880 | 1 Php-update | 1 Php-update | 2017-10-19 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter. | |||||
CVE-2017-14757 | 1 Opentext | 1 Document Sciences Xpression | 2017-10-18 | 6.5 MEDIUM | 8.8 HIGH |
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. |