Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Total 9311 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-3762 1 Turnkeywebtools 1 Php Live Helper 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.
CVE-2008-3768 1 Turnkeywebtools 1 Sunshop Shopping Cart 2018-10-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors.
CVE-2008-3347 1 Myiosoft 1 Easydynamicpages 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter.
CVE-2008-3343 1 Myiosoft 1 Easypublish 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action.
CVE-2008-3369 1 Viart 1 Viart Shop 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2008-3374 1 Gregarius 1 Gregarius 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.
CVE-2008-3388 1 Easy-script 1 Def Blog 2018-10-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php.
CVE-2008-3512 1 Php Nuke 1 Kleinanzeigen Module 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php.
CVE-2008-3513 1 Php Nuke 1 Basis Consultant Book Catalog 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php.
CVE-2008-3556 1 Haudenschilt 1 Battlenet Clan Script 2018-10-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522.
CVE-2008-3563 1 Plogger 1 Plogger 2018-10-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.
CVE-2008-3582 1 Keld 1 Php-mysql News Script 2018-10-11 6.8 MEDIUM N/A
SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-3151 2 Phpnuke, Warpspeed 2 4ndvddb, 4ndvddb 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.
CVE-2008-3185 1 Vclcomponents 1 Relative Real Estate Systems 2018-10-11 6.8 MEDIUM N/A
SQL injection vulnerability in index.php in Relative Real Estate Systems 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.
CVE-2008-3206 1 Iamilkay 1 Yuhhu Pubs Black Cat 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black Cat allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2008-3297 1 Social Engine 1 Social Engine 2018-10-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.
CVE-2008-2968 1 Yektaweb 1 Academic Web Tools 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
CVE-2008-2995 1 Phpeasydata 1 Phpeasydata 2018-10-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php.
CVE-2008-3034 1 Rss Aggregator 1 Rss Aggregator 2018-10-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.
CVE-2008-2914 1 Preprojects 1 Php Jobwebsite Pro 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE: some of these details are obtained from third party information.