Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2521 | 1 Yabsoft | 1 Mega File Hosting Script | 2025-04-09 | N/A |
| SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter. | ||||
| CVE-2008-2339 | 1 Turnkeywebtools | 1 Sunshop Shopping Cart | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549. | ||||
| CVE-2009-0377 | 1 Joomla | 2 Com Beamospetition, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132. | ||||
| CVE-2007-6373 | 1 Gestdown | 1 Gestdown | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php. | ||||
| CVE-2007-6032 | 1 Aleris | 1 Web Publishing Server | 2025-04-09 | N/A |
| SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter. | ||||
| CVE-2007-5646 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | N/A |
| SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php. | ||||
| CVE-2007-3447 | 1 Bugmall | 1 Shopping Cart | 2025-04-09 | N/A |
| SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected. | ||||
| CVE-2008-5638 | 1 Activewebsoftwares | 1 Active Price Comparison | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp. | ||||
| CVE-2007-2898 | 1 2z Project | 1 2z Project | 2025-04-09 | N/A |
| SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php. | ||||
| CVE-2007-0984 | 1 Aspcode.net | 1 Pollmentor | 2025-04-09 | N/A |
| SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp. | ||||
| CVE-2006-6038 | 1 Powie | 1 Pforum | 2025-04-09 | N/A |
| SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-5606 | 1 Bytesfall Explorer | 1 Bytesfall Explorer | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors. | ||||
| CVE-2008-6364 | 1 Adserversolutions | 1 Banner Exchange Software | 2025-04-09 | N/A |
| SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6342 | 1 David Castro | 1 Apache Authcas | 2025-04-09 | N/A |
| SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie. | ||||
| CVE-2008-3256 | 1 Siteframe | 2 Siteframe Beaumont, Siteframe Cms | 2025-04-09 | N/A |
| SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-5950 | 1 Aspapps | 1 Template Creature | 2025-04-09 | N/A |
| SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter. | ||||
| CVE-2022-41703 | 1 Apache | 1 Superset | 2025-04-08 | 5.4 Medium |
| A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUBQUERY" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | ||||
| CVE-2025-3170 | 1 Projectworlds | 1 Online Lawyer Management System | 2025-04-08 | 7.3 High |
| A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /admin_user.php. The manipulation of the argument block_id/unblock_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-30243 | 2025-04-08 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5. | ||||
| CVE-2025-3171 | 1 Projectworlds | 1 Online Lawyer Management System | 2025-04-08 | 7.3 High |
| A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /approve_lawyer.php. The manipulation of the argument unblock_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||