Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2737 | 1 Netsupport | 1 Dna Helpdesk | 2017-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter. | |||||
| CVE-2004-2751 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-28 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | |||||
| CVE-2004-2716 | 1 Php Heaven | 1 Phpmychat | 2017-07-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters. | |||||
| CVE-2006-6367 | 1 Duware | 3 Dudownload, Dunews, Dupaypal | 2017-07-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976. | |||||
| CVE-2006-6912 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter. | |||||
| CVE-2006-7025 | 1 Sangwan Kim | 1 Bookmark4u | 2017-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter. | |||||
| CVE-2006-7089 | 1 Ban | 1 Ban | 2017-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2003-1435 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module. | |||||
| CVE-2006-7170 | 1 Koan Software | 1 Mega Mall | 2017-07-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php. | |||||
| CVE-2003-1458 | 1 Ttcms | 2 Ttcms, Ttforum | 2017-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name. | |||||
| CVE-2002-2252 | 1 Atthat.com | 1 Thatware | 2017-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter. | |||||
| CVE-2003-1504 | 1 Goldscripts | 1 Goldlink | 2017-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php. | |||||
| CVE-2003-1523 | 1 Dbmail | 1 Dbmail | 2017-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors. | |||||
| CVE-2002-2277 | 1 Portail Web Php | 1 Portail Web Php | 2017-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to execute arbitrary SQL commands via the (1) $rech, (2) $BD_Tab_docs, (3) $BD_Tab_file, (4) $BD_Tab_liens, (5) $BD_Tab_faq, or (6) $chemin variables. | |||||
| CVE-2002-2304 | 1 Myphpsoft | 1 Myphplinks | 2017-07-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/auth/checksession.php in MyPHPLinks 2.1.9 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the idsession parameter. | |||||
| CVE-2017-11324 | 1 Tilde Cms Project | 1 Tilde Cms | 2017-07-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter. | |||||
| CVE-2017-2241 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2017-07-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". | |||||
| CVE-2016-7784 | 1 Exponentcms | 1 Exponent Cms | 2017-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. | |||||
| CVE-2016-9282 | 1 Exponentcms | 1 Exponent Cms | 2017-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. | |||||
| CVE-2016-9481 | 1 Exponentcms | 1 Exponent Cms | 2017-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection. | |||||