Search Results (19733 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0402 1 Gplhost 1 Domain Technologie Control 2026-04-23 N/A
SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.
CVE-2008-0690 1 Joomla 1 Com Directory 2026-04-23 N/A
SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action.
CVE-2009-0337 1 Katywhitton 1 Blogit\! 2026-04-23 N/A
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0333 1 Joomla 2 Com Waticketsystem, Joomla 2026-04-23 N/A
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
CVE-2008-1272 1 Bmscripts 1 Bm Classifieds 2026-04-23 N/A
Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php.
CVE-2009-0332 1 Avbooklibrary 1 Avbooklibrary 2026-04-23 N/A
Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components.
CVE-2009-3062 1 Phplivesupport. 1 Phplive\! 2026-04-23 N/A
SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.
CVE-2009-0252 1 Enthrallweb 1 Ereservations 2026-04-23 N/A
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVE-2009-3778 2 Adam Gerson, Drupal 2 Moodle Courselist, Drupal 2026-04-23 N/A
SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-0531 1 Ontarioabandonedplaces 1 A Better Member-based Asp Photo Gallery 2026-04-23 N/A
SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter.
CVE-2008-7097 1 Qsoft-inc 1 K-rate 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified variables in modules/chat.php, as demonstrated via the (a) show parameter in an online action to index.php; (b) PATH_INTO to the room/ handler; (c) image and (d) id parameters in a vote action to index.php; (e) PATH_INFO to the blog/ handler; and (f) id parameter in a blog_edit action to index.php.
CVE-2008-5654 1 Myiosoft 1 Easycalendar 2026-04-23 N/A
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344. NOTE: some of these details are obtained from third party information.
CVE-2007-2673 1 Censura 1 Censura 2026-04-23 N/A
SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php.
CVE-2008-5633 1 Activewebsoftwares 1 Activevotes 2026-04-23 N/A
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-5630 1 Qualityunit 1 Post Affiliate Pro 2026-04-23 N/A
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.
CVE-2008-5574 1 Unscripts 1 Webmaster Marketplace 2026-04-23 N/A
SQL injection vulnerability in member.php in Webmaster Marketplace allows remote attackers to execute arbitrary SQL commands via the u parameter.
CVE-2008-5571 1 Dotnetindex 1 Professional Download Assistant 2026-04-23 N/A
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information.
CVE-2008-1968 1 Cezannesw 1 Cezanne 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp.
CVE-2007-0985 1 Phpcc 1 Phpcc 2026-04-23 N/A
SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.
CVE-2007-0984 1 Aspcode.net 1 Pollmentor 2026-04-23 N/A
SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp.