Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-3751

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Aug, 2008 | 17:00
Updated At-07 Aug, 2024 | 09:53
Rejected At-
Credits

SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Aug, 2008 | 17:00
Updated At:07 Aug, 2024 | 09:53
Rejected At:
▼CVE Numbering Authority (CNA)

SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://packetstormsecurity.org/0808-exploits/shorturl-sql.txt
x_refsource_MISC
http://www.vupen.com/english/advisories/2008/2985
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/bid/30767
vdb-entry
x_refsource_BID
https://www.exploit-db.com/exploits/6940
exploit
x_refsource_EXPLOIT-DB
http://secunia.com/advisories/31547
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/44561
vdb-entry
x_refsource_XF
Hyperlink: http://packetstormsecurity.org/0808-exploits/shorturl-sql.txt
Resource:
x_refsource_MISC
Hyperlink: http://www.vupen.com/english/advisories/2008/2985
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/30767
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.exploit-db.com/exploits/6940
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://secunia.com/advisories/31547
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44561
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://packetstormsecurity.org/0808-exploits/shorturl-sql.txt
x_refsource_MISC
x_transferred
http://www.vupen.com/english/advisories/2008/2985
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/bid/30767
vdb-entry
x_refsource_BID
x_transferred
https://www.exploit-db.com/exploits/6940
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://secunia.com/advisories/31547
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/44561
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://packetstormsecurity.org/0808-exploits/shorturl-sql.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/2985
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/30767
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/6940
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://secunia.com/advisories/31547
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44561
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 Aug, 2008 | 17:41
Updated At:29 Sep, 2017 | 01:31

SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
yourfreeworld
yourfreeworld
>>short_url_and_url_tracker_script>>*
cpe:2.3:a:yourfreeworld:short_url_and_url_tracker_script:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.org/0808-exploits/shorturl-sql.txtcve@mitre.org
Exploit
http://secunia.com/advisories/31547cve@mitre.org
N/A
http://www.securityfocus.com/bid/30767cve@mitre.org
Exploit
http://www.vupen.com/english/advisories/2008/2985cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/44561cve@mitre.org
N/A
https://www.exploit-db.com/exploits/6940cve@mitre.org
N/A
Hyperlink: http://packetstormsecurity.org/0808-exploits/shorturl-sql.txt
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/31547
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/30767
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.vupen.com/english/advisories/2008/2985
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44561
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/6940
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6709Records found
CVE-2008-4882
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.68%
||
7 Day CHG~0.00%
Published-03 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-autoresponder_hosting_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4900
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.12%
||
7 Day CHG~0.00%
Published-04 Nov, 2008 | 00:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-classifieds_blaster_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4881
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.30%
||
7 Day CHG~0.00%
Published-03 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-reminder_service_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4884
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.10%
||
7 Day CHG~0.00%
Published-03 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-classifieds_hosting_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4886
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.84%
||
7 Day CHG~0.00%
Published-03 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in YourFreeWorld Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the c parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-shopping_cart_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4883
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.86%
||
7 Day CHG~0.00%
Published-03 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-blog_blaster_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4895
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.11%
||
7 Day CHG~0.00%
Published-04 Nov, 2008 | 00:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-downline_builder_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4885
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.11%
||
7 Day CHG~0.00%
Published-03 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-scrolling_text_ads_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-3756
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.03%
||
7 Day CHG~0.00%
Published-21 Aug, 2008 | 17:00
Updated-07 Aug, 2024 | 09:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-viral_marketing_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-3725
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 45.23%
||
7 Day CHG~0.00%
Published-20 Aug, 2008 | 16:00
Updated-07 Aug, 2024 | 09:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-ad_board_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-3753
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.17%
||
7 Day CHG~0.00%
Published-21 Aug, 2008 | 17:00
Updated-07 Aug, 2024 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-programs_rating_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-3757
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 72.47%
||
7 Day CHG~0.00%
Published-21 Aug, 2008 | 17:00
Updated-07 Aug, 2024 | 09:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-forced_matrix_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-3750
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.37%
||
7 Day CHG~0.00%
Published-21 Aug, 2008 | 17:00
Updated-07 Aug, 2024 | 09:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-url_rotator_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-3749
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.87% / 74.25%
||
7 Day CHG~0.00%
Published-21 Aug, 2008 | 17:00
Updated-07 Aug, 2024 | 09:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-banner_management_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-3754
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.33%
||
7 Day CHG~0.00%
Published-21 Aug, 2008 | 17:00
Updated-17 Sep, 2024 | 03:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-stylish_text_ads_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-3755
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.03%
||
7 Day CHG~0.00%
Published-21 Aug, 2008 | 17:00
Updated-07 Aug, 2024 | 09:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-classifiedsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-2065
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.51%
||
7 Day CHG~0.00%
Published-02 May, 2008 | 23:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-jokes_site_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1919
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.09%
||
7 Day CHG~0.00%
Published-22 Apr, 2008 | 16:00
Updated-07 Aug, 2024 | 08:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-apartment_search_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-3752
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.50%
||
7 Day CHG~0.00%
Published-21 Aug, 2008 | 17:00
Updated-07 Aug, 2024 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-ad-exchange_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-4981
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.34%
||
7 Day CHG~0.00%
Published-01 Nov, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-yourfreeworldn/a
Product-banner_managementn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-2509
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.76%
||
7 Day CHG~0.00%
Published-22 May, 2006 | 19:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-yourfreeworldn/a
Product-short_url_and_url_tracker_scriptn/a
CVE-2019-17072
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 10:52
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.

Action-Not Available
Vendor-n/aA WP Life
Product-contact_form_widgetn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-9599
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.88%
||
7 Day CHG~0.00%
Published-29 Aug, 2025 | 00:32
Updated-29 Aug, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Apartment Management System month_setup.php sql injection

A weakness has been identified in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/month_setup.php. Executing manipulation of the argument txtMonthName can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-ITSourceCode
Product-Apartment Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1024
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.73%
||
7 Day CHG~0.00%
Published-19 Mar, 2010 | 18:35
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-chris_wederkan/aTYPO3 Association
Product-tgm_newslettertypo3n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1704
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.14% / 77.50%
||
7 Day CHG~0.00%
Published-04 May, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-2daybizn/a
Product-polls_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1271
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.14% / 77.50%
||
7 Day CHG~0.00%
Published-06 Apr, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows remote attackers to execute arbitrary SQL commands via the domain parameter.

Action-Not Available
Vendor-smart-plugsn/a
Product-smartplugsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 71.86%
||
7 Day CHG~0.00%
Published-05 May, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.

Action-Not Available
Vendor-tirzentaskfreakn/a
Product-tirzen_frameworktaskfreak\!n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1017
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.07%
||
7 Day CHG~0.00%
Published-19 Mar, 2010 | 18:35
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-laurent_foulloyn/aTYPO3 Association
Product-typo3sav_filter_monthsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1726
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.73%
||
7 Day CHG~0.00%
Published-05 May, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-alibabaclonen/a
Product-ec21_clonen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1045
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.57%
||
7 Day CHG~0.00%
Published-22 Mar, 2010 | 18:17
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-design-carsn/aJoomla!
Product-com_productbookjoomla\!n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1713
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.54%
||
7 Day CHG~0.00%
Published-04 May, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action.

Action-Not Available
Vendor-postnuken/a
Product-postnuken/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1731
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.41%
||
7 Day CHG~0.00%
Published-20 May, 2009 | 18:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie.

Action-Not Available
Vendor-mlffatn/a
Product-mlffatn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1605
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.80%
||
7 Day CHG~0.00%
Published-29 Apr, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) anyword and (2) cityname parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-ncryptedn/a
Product-nct_jobs_portal_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8921
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.40%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 18:02
Updated-14 Aug, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Job Diary user-apply.php sql injection

A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument job_title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-job_diaryJob Diary
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1094
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.50%
||
7 Day CHG~0.00%
Published-24 Mar, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-miethner-scriptingn/a
Product-dz_erotik_auktionshaus_v4rgon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.79%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 20:20
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.

Action-Not Available
Vendor-uigan/a
Product-fan_clubn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-16692
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.63% / 95.36%
||
7 Day CHG~0.00%
Published-22 Sep, 2019 | 14:58
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.

Action-Not Available
Vendor-phpipamn/a
Product-phpipamn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1269
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.79%
||
7 Day CHG~0.00%
Published-06 Apr, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

Action-Not Available
Vendor-phpscripte24n/a
Product-niedrig_gebote_pro_auktions_system_iin/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8331
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.80%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 20:02
Updated-05 Aug, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Farm System forgot_pass.php sql injection

A vulnerability was found in code-projects Online Farm System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot_pass.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-online_farm_systemOnline Farm System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1049
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.57%
||
7 Day CHG~0.00%
Published-22 Mar, 2010 | 18:17
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php.

Action-Not Available
Vendor-uigan/a
Product-business_portaln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1463
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.38%
||
7 Day CHG~0.00%
Published-16 Apr, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the (1) add2cart, (2) c_id, (3) categoryID, (4) list_price, (5) name, (6) new_offer, (7) price, (8) product_code, (9) productID, (10) rating, and (11) save_product parameters.

Action-Not Available
Vendor-webasyst_llcn/a
Product-shop-scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-16642
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.62%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 14:32
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring.

Action-Not Available
Vendor-yejiaon/a
Product-tuzicmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1368
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.73%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 20:20
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action.

Action-Not Available
Vendor-gamescriptn/a
Product-gamescriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-9008
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.80%
||
7 Day CHG~0.00%
Published-15 Aug, 2025 | 04:02
Updated-18 Aug, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Online Tour and Travel Management System sms_setting.php sql injection

A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/sms_setting.php. The manipulation of the argument uname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kITSourceCode
Product-online_tour_\&_travel_management_systemOnline Tour and Travel Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1924
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.16%
||
7 Day CHG~0.00%
Published-12 May, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter.

Action-Not Available
Vendor-phpscripte24n/a
Product-live_shopping_multi_portal_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1016
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.70%
||
7 Day CHG~0.00%
Published-19 Mar, 2010 | 18:35
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-laurent_foulloyn/aTYPO3 Association
Product-sav_filter_selectorstypo3n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-9504
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.88%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 03:32
Updated-27 Aug, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Loan Management System ajax.php sql injection

A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-CampCodes
Product-Online Loan Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1599
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.19%
||
7 Day CHG~0.00%
Published-29 Apr, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and 5.2.2.0 allows remote attackers to execute arbitrary SQL commands via the id_sp parameter.

Action-Not Available
Vendor-nkinfowebn/a
Product-nkinfowebn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1331
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.73%
||
7 Day CHG~0.00%
Published-09 Apr, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Heartlogic HL-SiteManager allows remote attackers to execute arbitrary SQL commands via unknown vectors.

Action-Not Available
Vendor-heartlogicn/a
Product-hl-sitemanagern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8251
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.63%
||
7 Day CHG~0.00%
Published-28 Jul, 2025 | 01:32
Updated-30 Jul, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Exam Form Submission delete_s4.php sql injection

A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s4.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-exam_form_submissionExam Form Submission
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 134
  • 135
  • Next
Details not found