CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2008(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-5806 89 1 Exec Code Sql 2008-12-31 2009-02-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information.
2 CVE-2008-5805 89 1 Exec Code Sql 2008-12-31 2009-04-15
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828.
3 CVE-2008-5804 89 1 Exec Code Sql 2008-12-31 2009-03-13
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.
4 CVE-2008-5803 89 1 Exec Code Sql 2008-12-31 2009-02-26
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information.
5 CVE-2008-5802 89 1 Exec Code Sql 2008-12-31 2009-02-26
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
6 CVE-2008-5800 89 Exec Code Sql 2008-12-31 2009-08-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
7 CVE-2008-5798 89 Exec Code Sql 2008-12-31 2009-08-12
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
8 CVE-2008-5797 89 Exec Code Sql 2008-12-31 2009-08-12
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
9 CVE-2008-5796 89 Exec Code Sql 2008-12-31 2009-08-12
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
10 CVE-2008-5788 89 1 Exec Code Sql 2008-12-31 2009-03-13
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
11 CVE-2008-5785 89 1 Exec Code Sql 2008-12-31 2009-03-13
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
12 CVE-2008-5782 89 1 Exec Code Sql 2008-12-31 2009-03-13
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
13 CVE-2008-5781 89 1 Exec Code Sql 2008-12-30 2009-02-26
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.
14 CVE-2008-5779 89 1 Exec Code Sql 2008-12-30 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
15 CVE-2008-5778 89 1 Exec Code Sql 2008-12-30 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in report.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
16 CVE-2008-5777 89 1 Exec Code Sql 2008-12-30 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter.
17 CVE-2008-5775 89 1 Exec Code Sql 2008-12-30 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
18 CVE-2008-5774 89 1 Exec Code Sql 2008-12-30 2009-07-29
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to (a) type.asp and (b) type2.asp and the (2) iPro parameter to (c) detail.asp.
19 CVE-2008-5772 89 1 Exec Code Sql 2008-12-30 2009-07-29
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp.
20 CVE-2008-5768 89 1 Exec Code Sql 2008-12-30 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
21 CVE-2008-5767 89 1 Exec Code Sql 2008-12-30 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter.
22 CVE-2008-5766 89 1 Exec Code Sql 2008-12-30 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter.
23 CVE-2008-5751 89 1 Exec Code Sql 2008-12-30 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.
24 CVE-2008-5739 89 1 Exec Code Sql 2008-12-26 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.
25 CVE-2008-5737 89 1 Exec Code Sql 2008-12-26 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter.
26 CVE-2008-5733 89 1 Exec Code Sql 2008-12-26 2009-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter.
27 CVE-2008-5727 89 1 Exec Code Sql 2008-12-26 2009-01-29
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string.
28 CVE-2008-5726 89 1 Exec Code Sql 2008-12-26 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
29 CVE-2008-5707 89 Exec Code Sql 2008-12-24 2008-12-24
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter.
30 CVE-2008-5665 89 1 Exec Code Sql 2008-12-18 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
31 CVE-2008-5655 89 Exec Code Sql 2008-12-17 2009-01-06
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
32 CVE-2008-5654 89 Exec Code Sql 2008-12-17 2008-12-24
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344. NOTE: some of these details are obtained from third party information.
33 CVE-2008-5653 89 Exec Code Sql 2008-12-17 2008-12-24
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.
34 CVE-2008-5652 89 1 Exec Code Sql 2008-12-17 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.
35 CVE-2008-5651 89 Exec Code Sql 2008-12-17 2008-12-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the Parent parameter.
36 CVE-2008-5650 89 1 Exec Code Sql 2008-12-17 2009-08-12
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter.
37 CVE-2008-5649 89 1 Exec Code Sql 2008-12-17 2009-08-12
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.
38 CVE-2008-5648 89 Exec Code Sql 2008-12-17 2008-12-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/login.php in DeltaScripts PHP Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the admin_username parameter. NOTE: some of these details are obtained from third party information.
39 CVE-2008-5643 89 1 Exec Code Sql 2008-12-17 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
40 CVE-2008-5641 89 1 Exec Code Sql 2008-12-17 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
41 CVE-2008-5640 89 1 Exec Code Sql 2008-12-17 2009-08-15
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
42 CVE-2008-5638 89 1 Exec Code Sql 2008-12-17 2009-08-15
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp.
43 CVE-2008-5637 89 1 Exec Code Sql 2008-12-17 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter.
44 CVE-2008-5636 89 1 Exec Code Sql 2008-12-17 2009-08-19
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
45 CVE-2008-5635 89 1 Exec Code Sql 2008-12-17 2009-08-15
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
46 CVE-2008-5634 89 1 Exec Code Sql 2008-12-17 2009-08-15
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
47 CVE-2008-5633 89 1 Exec Code Sql 2008-12-17 2009-08-15
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
48 CVE-2008-5632 89 1 Exec Code Sql 2008-12-17 2008-12-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
49 CVE-2008-5631 89 1 Exec Code Sql 2008-12-17 2009-08-15
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
50 CVE-2008-5630 89 1 Exec Code Sql 2008-12-17 2009-01-29
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.
Total number of vulnerabilities : 1101   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.