Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4734 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters. | ||||
| CVE-2006-4736 | 1 Cms.r. | 1 Cms.r. | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-0750 | 1 Supersmashbrothers | 1 Army System | 2025-04-03 | N/A |
| SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php. | ||||
| CVE-2006-0961 | 1 Cilem | 1 Cilem Haber | 2025-04-03 | N/A |
| SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name. | ||||
| CVE-2006-2760 | 1 Warpspeed | 1 4nforum | 2025-04-03 | N/A |
| SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | ||||
| CVE-2002-2305 | 1 Phpsecure.org | 1 Immobilier | 2025-04-03 | N/A |
| SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter. | ||||
| CVE-2006-0160 | 1 Venom Board | 1 Venom Board | 2025-04-03 | N/A |
| SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3. | ||||
| CVE-2006-0146 | 6 John Lim, Mantis, Mediabeez and 3 more | 6 Adodb, Mantis, Mediabeez and 3 more | 2025-04-03 | N/A |
| The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter. | ||||
| CVE-2002-2277 | 1 Portail Web Php | 1 Portail Web Php | 2025-04-03 | N/A |
| SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to execute arbitrary SQL commands via the (1) $rech, (2) $BD_Tab_docs, (3) $BD_Tab_file, (4) $BD_Tab_liens, (5) $BD_Tab_faq, or (6) $chemin variables. | ||||
| CVE-2002-0999 | 1 Care 2002 | 1 Care 2002 | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations. | ||||
| CVE-2004-2716 | 1 Php Heaven | 1 Phpmychat | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters. | ||||
| CVE-2006-0897 | 1 Virtual Communication Services | 1 Vpmi Enterprise | 2025-04-03 | N/A |
| SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this issue, saying that "[we] have a behind the scenes complex state management system that uses a combination of keys placed in JavaScript and Session State (server side) that protects against the type of SQL injection you describe. We have tested for many of the cases and have not found it to be an issue." Further investigation suggests that the original researcher might have triggered errors using invalid field values, which is not proof of SQL injection; however, the vendor did not receive a response from the original researcher | ||||
| CVE-2006-0959 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected. | ||||
| CVE-2006-1006 | 1 Sendcard | 1 Sendcard | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in sendcard.php in sendcard before 3.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | ||||
| CVE-2006-1330 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php. | ||||
| CVE-2006-2103 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php. | ||||
| CVE-2006-4756 | 1 Accomplishtechnology | 1 Phpmydirectory | 2025-04-03 | N/A |
| SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-4042 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters. | ||||
| CVE-2024-36801 | 1 Sem-cms | 1 Semcms | 2025-04-03 | 5.9 Medium |
| A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php. | ||||
| CVE-2024-36800 | 1 Sem-cms | 1 Semcms | 2025-04-03 | 7.5 High |
| A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php. | ||||