Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11415 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. | |||||
| CVE-2017-11414 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. | |||||
| CVE-2017-11413 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. | |||||
| CVE-2017-11412 | 1 Fiyo | 1 Fiyo Cms | 2017-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. | |||||
| CVE-2006-6073 | 1 Enthrallweb | 1 Eshopping Cart | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp. | |||||
| CVE-2006-6095 | 1 Dotnetindex | 1 Active News Manager | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094. | |||||
| CVE-2006-6109 | 1 Candypress | 1 Candypress Store | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp. | |||||
| CVE-2006-4564 | 1 Simplemachines | 1 Smf | 2017-07-19 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. | |||||
| CVE-2006-3181 | 1 Mobescripts | 1 Mobile Space Community | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter. | |||||
| CVE-2006-4214 | 1 Zen Cart | 1 Zen Cart | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php). | |||||
| CVE-2006-2157 | 1 Plogger | 1 Plogger | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". NOTE: This is a different vulnerability than CVE-2005-4246. | |||||
| CVE-2006-2239 | 1 Tuomas Airaksinen | 1 Newsadmin | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows remote attackers to execute arbitrary SQL commands via the nid parameter. | |||||
| CVE-2006-2259 | 1 Maxxcode | 1 Maxxschedule | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter. | |||||
| CVE-2006-2301 | 1 Ozzywork | 1 Galeri | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_default.asp in OzzyWork Galeri allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password fields. | |||||
| CVE-2006-2760 | 1 Warpspeed | 1 4nforum | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
| CVE-2006-1751 | 1 Michiel Van Baak | 1 Mvblog | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2006-0772 | 1 Hitachi | 1 Business Logic | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function. | |||||
| CVE-2006-0897 | 1 Virtual Communication Services | 1 Vpmi Enterprise | 2017-07-19 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this issue, saying that "[we] have a behind the scenes complex state management system that uses a combination of keys placed in JavaScript and Session State (server side) that protects against the type of SQL injection you describe. We have tested for many of the cases and have not found it to be an issue." Further investigation suggests that the original researcher might have triggered errors using invalid field values, which is not proof of SQL injection; however, the vendor did not receive a response from the original researcher. | |||||
| CVE-2006-1006 | 1 Sendcard | 1 Sendcard | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in sendcard.php in sendcard before 3.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||||
| CVE-2006-1500 | 1 Tilde | 1 Tilde Cms | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||