Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6393 | 1 Ace Image Hosting Script | 1 Ace Image Hosting Script | 2017-09-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode. | |||||
CVE-2007-6392 | 1 Dominion Web | 1 Dwdirectory | 2017-09-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI. | |||||
CVE-2007-6394 | 1 P3mbo | 1 Content Injector | 2017-09-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action. | |||||
CVE-2007-6472 | 1 Phpmyrealty | 1 Phpmyrealty | 2017-09-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-6458 | 1 My123tkshop | 1 E-commerce-suite | 2017-09-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. | |||||
CVE-2007-6462 | 1 Php Real Estate Classifieds | 1 Php Real Estate Classifieds Premium Plus | 2017-09-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-6466 | 1 Freewebshop | 1 Freewebshop | 2017-09-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected. | |||||
CVE-2007-6543 | 1 Esyndicat | 1 Esyndicat Link Exchange | 2017-09-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-6551 | 1 Mailmachinepro | 1 Mailmachine Pro | 2017-09-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-6556 | 1 Websihirbazi | 1 Websihirbazi | 2017-09-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp. | |||||
CVE-2007-6557 | 1 Megacheatz | 1 Megacheatz | 2017-09-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors. | |||||
CVE-2007-5123 | 1 Solidweb | 1 Novus | 2017-09-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in notas.asp in Novus 1.0 allows remote attackers to execute arbitrary SQL commands via the nota_id parameter. | |||||
CVE-2007-3539 | 1 Qt-cute | 2 Quicktalk Forum, Quickticket | 2017-09-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. NOTE: it was later reported that vector 5 also affects 1.4, 1.5, and 1.5.0.3. | |||||
CVE-2007-3687 | 1 Infernotechnologies | 1 Rpg Inferno | 2017-09-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action. | |||||
CVE-2007-3933 | 1 Quickestore | 1 Quickestore | 2017-09-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053. | |||||
CVE-2007-3937 | 1 A-shop | 1 A-shop | 2017-09-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2017-7973 | 1 Schneider-electric | 1 U.motion Builder | 2017-09-27 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. | |||||
CVE-2014-9229 | 1 Symantec | 1 Endpoint Protection | 2017-09-22 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role. | |||||
CVE-2015-4073 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2017-09-22 | 7.5 HIGH | 9.8 CRITICAL |
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. | |||||
CVE-2017-14601 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2017-09-22 | 4.0 MEDIUM | 4.9 MEDIUM |
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. | |||||