Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11413 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. | |||||
| CVE-2017-11412 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. | |||||
| CVE-2006-6095 | 1 Dotnetindex | 1 Active News Manager | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094. | |||||
| CVE-2006-6073 | 1 Enthrallweb | 1 Eshopping Cart | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp. | |||||
| CVE-2006-4564 | 1 Simplemachines | 1 Smf | 2017-07-20 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. | |||||
| CVE-2006-3181 | 1 Mobescripts | 1 Mobile Space Community | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter. | |||||
| CVE-2006-4214 | 1 Zen Cart | 1 Zen Cart | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php). | |||||
| CVE-2006-2301 | 1 Ozzywork | 1 Galeri | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_default.asp in OzzyWork Galeri allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password fields. | |||||
| CVE-2006-2157 | 1 Plogger | 1 Plogger | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". NOTE: This is a different vulnerability than CVE-2005-4246. | |||||
| CVE-2006-2259 | 1 Maxxcode | 1 Maxxschedule | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter. | |||||
| CVE-2006-2760 | 1 Warpspeed | 1 4nforum | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
| CVE-2006-2239 | 1 Tuomas Airaksinen | 1 Newsadmin | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows remote attackers to execute arbitrary SQL commands via the nid parameter. | |||||
| CVE-2006-1500 | 1 Tilde | 1 Tilde Cms | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-0772 | 1 Hitachi | 1 Business Logic | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function. | |||||
| CVE-2006-1006 | 1 Sendcard | 1 Sendcard | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in sendcard.php in sendcard before 3.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||||
| CVE-2006-1501 | 1 Oneorzero | 1 Oneorzero | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action. | |||||
| CVE-2006-1751 | 1 Michiel Van Baak | 1 Mvblog | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-4380 | 1 Bitweaver | 1 Bitweaver | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php. | |||||
| CVE-2005-4617 | 1 Forperfect | 1 Csupport | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pg parameter. | |||||
| CVE-2005-4382 | 1 Citysoft | 1 Community Enterprise | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm. | |||||