SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.
Max CVSS
7.5
EPSS Score
0.06%
Published
2003-12-31
Updated
2018-10-19
SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters.
Max CVSS
7.5
EPSS Score
0.09%
Published
2003-12-31
Updated
2018-10-19
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2003-12-31
Updated
2018-10-19
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.
Max CVSS
7.5
EPSS Score
0.16%
Published
2003-12-31
Updated
2017-07-29
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
Max CVSS
6.8
EPSS Score
0.07%
Published
2003-12-31
Updated
2008-09-05
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php.
Max CVSS
7.5
EPSS Score
0.07%
Published
2003-12-31
Updated
2017-07-29
SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.
Max CVSS
7.5
EPSS Score
0.10%
Published
2003-12-31
Updated
2017-07-29
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
Max CVSS
7.5
EPSS Score
0.07%
Published
2003-12-31
Updated
2017-07-29
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
Max CVSS
6.5
EPSS Score
0.09%
Published
2003-12-31
Updated
2018-10-19
SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands.
Max CVSS
7.5
EPSS Score
0.80%
Published
2003-12-31
Updated
2017-07-29
Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters.
Max CVSS
7.5
EPSS Score
0.80%
Published
2003-12-31
Updated
2008-09-05
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
Max CVSS
7.5
EPSS Score
0.14%
Published
2003-12-31
Updated
2008-09-05
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
Max CVSS
7.5
EPSS Score
2.00%
Published
2003-11-27
Updated
2017-07-11
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
Max CVSS
4.6
EPSS Score
0.06%
Published
2003-12-29
Updated
2017-07-11
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
Max CVSS
7.5
EPSS Score
0.23%
Published
2003-12-31
Updated
2017-07-11
SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
Max CVSS
7.5
EPSS Score
0.27%
Published
2003-11-03
Updated
2017-07-11
SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable.
Max CVSS
7.5
EPSS Score
0.20%
Published
2003-11-23
Updated
2017-07-11
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
Max CVSS
7.5
EPSS Score
0.27%
Published
2003-11-03
Updated
2017-07-11
Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.
Max CVSS
7.5
EPSS Score
0.73%
Published
2003-11-03
Updated
2017-07-11
SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands.
Max CVSS
7.5
EPSS Score
0.75%
Published
2003-12-31
Updated
2017-07-11
Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen.
Max CVSS
5.0
EPSS Score
0.71%
Published
2003-11-17
Updated
2017-07-11
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
Max CVSS
7.5
EPSS Score
10.90%
Published
2003-11-17
Updated
2020-03-24
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
Max CVSS
7.5
EPSS Score
0.34%
Published
2003-09-22
Updated
2008-09-10
SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter.
Max CVSS
7.5
EPSS Score
1.12%
Published
2003-10-20
Updated
2008-09-05
SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2003-10-20
Updated
2008-09-10
50 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!