Search Results (19690 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0192 1 Philip Loftin 1 Aspsurvey 2026-04-16 N/A
SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp.
CVE-2006-3904 1 Etomite 1 Etomite 2026-04-16 N/A
SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-0160 1 Venom Board 1 Venom Board 2026-04-16 N/A
SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3.
CVE-2003-0377 1 Iisprotect 1 Iisprotect 2026-04-16 N/A
SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP.
CVE-2003-1533 1 Phppass 1 Phppass 2026-04-16 N/A
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.
CVE-2003-1523 1 Dbmail 1 Dbmail 2026-04-16 N/A
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.
CVE-2006-4756 1 Accomplishtechnology 1 Phpmydirectory 2026-04-16 N/A
SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2760 1 Warpspeed 1 4nforum 2026-04-16 N/A
SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
CVE-2006-0249 1 Bitdamaged 1 Geoblog 2026-04-16 N/A
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable).
CVE-2005-3686 1 Newsboard 1 Unclassified Newsboard 2026-04-16 N/A
SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php.
CVE-2006-3688 1 Francisco Charrua 1 Photo-gallery 2026-04-16 N/A
SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-4071 1 Cfmagic 1 Magic Forum Personal 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm.
CVE-2006-0115 1 Oneplug Solutions 1 Oneplug Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.
CVE-2005-3553 1 Phpkit 1 Phpkit 2026-04-16 N/A
Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable).
CVE-2003-0286 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.
CVE-2005-4228 1 Phpwebgallery 1 Phpwebgallery 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier.
CVE-2006-0146 6 John Lim, Mantis, Mediabeez and 3 more 6 Adodb, Mantis, Mediabeez and 3 more 2026-04-16 N/A
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
CVE-2006-1423 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter.
CVE-2006-0412 1 Gencbeyin Web Programlama 1 Cybershop 2026-04-16 N/A
SQL injection vulnerability in CyberShop allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.
CVE-2006-3823 1 Geodesicsolutions 2 Geoauctions Premier, Geoclassifieds Basic 2026-04-16 N/A
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter.