Total
9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-6157 | 1 Michaelis Freunde | 1 Contentnow | 2018-10-17 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter. | |||||
CVE-2006-5840 | 1 Abarcar | 1 Abarcar Realty Portal | 2018-10-17 | 7.5 HIGH | N/A |
** DISPUTED ** Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the vendor has notified CVE that the current version only creates static pages, and that slistl.php/slid never existed in any version. | |||||
CVE-2006-5829 | 1 Aiocp | 1 Aiocp | 2018-10-17 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php. | |||||
CVE-2006-5629 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier. | |||||
CVE-2006-5606 | 1 Bytesfall Explorer | 1 Bytesfall Explorer | 2018-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors. | |||||
CVE-2006-5221 | 1 Cahier De Textes | 1 Cahier De Textes | 2018-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php. | |||||
CVE-2006-4785 | 1 Moodle | 1 Moodle | 2018-10-17 | 7.5 HIGH | N/A |
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int. | |||||
CVE-2006-4734 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2018-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters. | |||||
CVE-2006-4736 | 1 Cms.r. | 1 Cms.r. | 2018-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-4042 | 1 Mywebland | 1 Mybloggie | 2018-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters. | |||||
CVE-2006-4039 | 1 Chaossoft | 1 Gaestechaos | 2018-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters. | |||||
CVE-2006-4064 | 1 Yenerturk | 1 Yenerturk Haber Script | 2018-10-17 | 7.5 HIGH | N/A |
SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.0 is also affected. | |||||
CVE-2006-4010 | 1 Vwar | 1 Virtual War | 2018-10-17 | 7.5 HIGH | N/A |
SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139. | |||||
CVE-2006-3775 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-17 | 7.5 HIGH | N/A |
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php. | |||||
CVE-2006-7232 | 2 Canonical, Mysql | 2 Ubuntu Linux, Mysql | 2018-10-17 | 3.5 LOW | N/A |
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. | |||||
CVE-2018-1000650 | 1 Librehealth | 1 Librehealth Ehr | 2018-10-16 | 6.5 MEDIUM | 8.8 HIGH |
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in the ability to perform malicious database queries. This attack appears to be exploitable via user-controlled parameters. | |||||
CVE-2008-0504 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2018-10-16 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php. | |||||
CVE-2007-3399 | 1 Phpee | 1 Power Phlogger | 2018-10-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php. | |||||
CVE-2007-3301 | 1 Fusetalk | 1 Fusetalk | 2018-10-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap CVE-2007-3273. | |||||
CVE-2007-3063 | 1 Mealex | 1 My Databook | 2018-10-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter. |