ReportizFlow
Filtered by vendor
Subscriptions
Total
18945 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4364 | 1 Parsagostar | 1 Parsaweb Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page. | ||||
| CVE-2008-4369 | 1 Availscript | 1 Availscript Photo Album | 2026-04-23 | N/A |
| SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter. | ||||
| CVE-2008-4375 | 1 Availscript | 1 Availscript Classmate Script | 2026-04-23 | N/A |
| SQL injection vulnerability in viewprofile.php in Availscript Classmate Script allows remote attackers to execute arbitrary SQL commands via the p parameter. | ||||
| CVE-2008-4379 | 1 Mr. Cgi Guy | 1 Hot Links Sql Php | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2010-0324 | 2 Patrick Bauerochse, Typo3 | 2 Ref List, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-1409 | 1 E107 | 1 E107 | 2026-04-23 | N/A |
| SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320. | ||||
| CVE-2009-1411 | 1 Neocrome | 1 Seditio | 2026-04-23 | N/A |
| SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php. | ||||
| CVE-2010-0333 | 2 Matthias Graubner, Typo3 | 2 Mg Help, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-4431 | 1 Icebb | 1 Icebb | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php. | ||||
| CVE-2008-4433 | 2 Rmsoft, Xoops | 2 Minishop Module, Xoops | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow remote attackers to execute arbitrary SQL commands via the itemsxpag parameter. | ||||
| CVE-2009-1509 | 1 Myiosoft | 1 Ajaxportal | 2026-04-23 | N/A |
| SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||
| CVE-2010-0334 | 2 Francisco Cifuentes, Typo3 | 2 Vote For Tt News, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2010-0338 | 1 Typo3 | 2 Ttpedit, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-1741 | 1 Dutchmonkey | 1 Dm Filemanager | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | ||||
| CVE-2009-1751 | 1 Realtywebware | 1 Realty Web-base | 2026-04-23 | N/A |
| SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-1766 | 1 Teozkr | 1 Lightopencms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-4516 | 1 Galerie | 1 Galerie | 2026-04-23 | N/A |
| SQL injection vulnerability in galerie.php in Galerie 3.2 allows remote attackers to execute arbitrary SQL commands via the pic parameter. | ||||
| CVE-2009-1787 | 1 Phpdirsubmit | 1 Php Dir Submit | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters. | ||||
| CVE-2009-1799 | 1 Sebastian-thiele | 1 St-gallery | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php. | ||||
| CVE-2009-1810 | 1 Collector | 1 Mycolex | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php. | ||||