Filtered by CWE-89
Filtered by vendor Subscriptions
Total 18709 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-5958 1 Activewebsoftwares 1 Active Test 2025-04-09 N/A
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.
CVE-2008-0301 1 Mapbender 1 Mapbender 2025-04-09 N/A
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.
CVE-2008-4332 1 Cannot 1 Php Infoboard 2025-04-09 N/A
SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php.
CVE-2008-5803 1 E-topbiz 1 Online Store 2025-04-09 N/A
SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information.
CVE-2008-3580 1 Qsoft 1 K-links 2025-04-09 N/A
Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/.
CVE-2007-5150 1 Nukescripts 1 Nukesentinel 2025-04-09 N/A
SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125.
CVE-2008-5651 1 Myiosoft 1 Easybookmarker 2025-04-09 N/A
SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the Parent parameter.
CVE-2007-4719 1 212cafe 1 212cafeboard 2025-04-09 N/A
SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5632 1 Activewebsoftwares 1 Active Time Billing 2025-04-09 N/A
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
CVE-2009-0597 1 W3b Cms 1 Aka W3blabor Cms 2025-04-09 N/A
SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.
CVE-2009-3116 1 Uiga 1 Church Portal 2025-04-09 N/A
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action.
CVE-2009-3150 1 Multi-website 1 Multi Website 2025-04-09 N/A
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.
CVE-2008-2083 1 Prozilla 1 Hosting Index 2025-04-09 N/A
SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
CVE-2008-5957 2 Joomla, Mydyngallery 2 Joomla, Mydyngallery 2025-04-09 N/A
SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php.
CVE-2008-5959 1 Active Web Softwares 1 Active Test 2025-04-09 N/A
Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVE-2009-3165 1 Mozilla 1 Bugzilla 2025-04-09 N/A
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2008-0815 2 Egitimhost, Joomla 2 Com Mezun, Com Mezun 2025-04-09 N/A
SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task.
CVE-2008-7040 2 Wordpress, Yellowswordfish 2 Wordpress, Simple Forum 2025-04-09 N/A
SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
CVE-2008-4633 1 Drupal 2 Drupal, Node Clone 2025-04-09 N/A
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."
CVE-2008-5974 1 Activewebsoftwares 1 Active Price Comparison 2025-04-09 N/A
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.