Total
19435 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3752 | 1 Yourfreeworld | 1 Ad-exchange Script | 2026-04-23 | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-3753 | 1 Yourfreeworld | 1 Programs Rating Script | 2026-04-23 | N/A |
| SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-3762 | 1 Turnkeywebtools | 1 Php Live Helper | 2026-04-23 | N/A |
| SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php. | ||||
| CVE-2009-1626 | 1 Will Kraft | 1 Ez-blog | 2026-04-23 | N/A |
| SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter. | ||||
| CVE-2009-1613 | 1 Gowondesigns | 1 Leap | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter. | ||||
| CVE-2008-3720 | 1 Deeemm | 1 Dmcms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679. | ||||
| CVE-2007-1163 | 1 Webspell | 1 Webspell | 2026-04-23 | N/A |
| SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. | ||||
| CVE-2008-3672 | 1 Pozscripts | 1 Classified Ads | 2026-04-23 | N/A |
| SQL injection vulnerability in showcategory.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3673. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3682 | 1 Ypninc | 1 Php Realty | 2026-04-23 | N/A |
| SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter. | ||||
| CVE-2009-2929 | 1 Tgs-cms | 1 Tgs Content Management | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions. | ||||
| CVE-2008-3306 | 1 Youtube Blog | 1 Youtube Blog | 2026-04-23 | N/A |
| SQL injection vulnerability in info.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3352 | 1 Nersoft | 1 Live Music Plus | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action. | ||||
| CVE-2008-3359 | 1 Owl | 1 Intranet Knowledgebase | 2026-04-23 | N/A |
| SQL injection vulnerability in register.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-3366 | 1 Pligg | 1 Pligg Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774. | ||||
| CVE-2008-3369 | 1 Viart | 1 Viart Shop | 2026-04-23 | N/A |
| SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | ||||
| CVE-2008-3374 | 1 Gregarius | 1 Gregarius | 2026-04-23 | N/A |
| SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action. | ||||
| CVE-2008-3382 | 1 Mojoscripts | 1 Mojoclassifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. | ||||
| CVE-2008-3386 | 1 Alstrasoft | 1 Video Share Enterprise | 2026-04-23 | N/A |
| SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086. | ||||
| CVE-2008-3412 | 1 Ecshop | 1 Epshop | 2026-04-23 | N/A |
| SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI. | ||||
| CVE-2008-3413 | 1 Greatclone | 1 Auction Platinum | 2026-04-23 | N/A |
| SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | ||||