Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-2008

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Jun, 2009 | 19:00
Updated At-07 Aug, 2024 | 05:36
Rejected At-
Credits

Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Jun, 2009 | 19:00
Updated At:07 Aug, 2024 | 05:36
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.vupen.com/english/advisories/2009/1300
vdb-entry
x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/51141
vdb-entry
x_refsource_XF
http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8
x_refsource_CONFIRM
http://www.securityfocus.com/bid/34928
vdb-entry
x_refsource_BID
http://gsasec.blogspot.com/2009/05/dokeos-free-185-multiple.html
x_refsource_MISC
Hyperlink: http://www.vupen.com/english/advisories/2009/1300
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/51141
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/34928
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://gsasec.blogspot.com/2009/05/dokeos-free-185-multiple.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.vupen.com/english/advisories/2009/1300
vdb-entry
x_refsource_VUPEN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/51141
vdb-entry
x_refsource_XF
x_transferred
http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/34928
vdb-entry
x_refsource_BID
x_transferred
http://gsasec.blogspot.com/2009/05/dokeos-free-185-multiple.html
x_refsource_MISC
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1300
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/51141
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/34928
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://gsasec.blogspot.com/2009/05/dokeos-free-185-multiple.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Jun, 2009 | 19:30
Updated At:23 Apr, 2026 | 00:35

Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

dokeos
dokeos
>>dokeos>>1.8.5
cpe:2.3:a:dokeos:dokeos:1.8.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://gsasec.blogspot.com/2009/05/dokeos-free-185-multiple.htmlcve@mitre.org
N/A
http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8cve@mitre.org
Patch
Vendor Advisory
http://www.securityfocus.com/bid/34928cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/1300cve@mitre.org
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51141cve@mitre.org
N/A
http://gsasec.blogspot.com/2009/05/dokeos-free-185-multiple.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/bid/34928af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/1300af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51141af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://gsasec.blogspot.com/2009/05/dokeos-free-185-multiple.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/34928
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1300
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/51141
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://gsasec.blogspot.com/2009/05/dokeos-free-185-multiple.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/34928
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1300
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/51141
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

365Records found

CVE-2008-2013
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.04% / 59.92%
||
7 Day CHG~0.00%
Published-30 Apr, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action.

Action-Not Available
Vendor-pnflashgamesn/a
Product-pnflashgamesn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-2522
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.95% / 56.88%
||
7 Day CHG~0.00%
Published-03 Jun, 2008 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action.

Action-Not Available
Vendor-haudenschiltn/a
Product-battlenet_clan_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1607
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.83% / 53.12%
||
7 Day CHG~0.00%
Published-01 Apr, 2008 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter.

Action-Not Available
Vendor-serby_arslanhann/a
Product-bomba_habern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1549
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.03% / 59.50%
||
7 Day CHG~0.00%
Published-31 Mar, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to execute arbitrary SQL commands via the (1) GrdBk parameter to GradebookOptions.asp and the (2) SchlCode variable to loginproc.asp, a different vector than CVE-2008-0942.

Action-Not Available
Vendor-aeriesn/a
Product-aeries_student_information_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1911
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.95% / 56.88%
||
7 Day CHG~0.00%
Published-21 Apr, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie.

Action-Not Available
Vendor-1024_cmsn/a
Product-1024_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-2484
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.94% / 56.66%
||
7 Day CHG~0.00%
Published-28 May, 2008 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the email parameter.

Action-Not Available
Vendor-xomoln/a
Product-xomol_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0538
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.16% / 63.28%
||
7 Day CHG~0.00%
Published-01 Feb, 2008 | 19:41
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-phpipn/a
Product-phpip_managementn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0565
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.06% / 60.38%
||
7 Day CHG~0.00%
Published-05 Feb, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-deltascriptsn/a
Product-php_linksn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0678
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.94% / 56.56%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.

Action-Not Available
Vendor-blogphpn/a
Product-blogphpn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1462
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.91% / 55.56%
||
7 Day CHG~0.00%
Published-24 Mar, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.

Action-Not Available
Vendor-runcmsn/a
Product-runcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1404
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.91% / 55.74%
||
7 Day CHG~0.00%
Published-20 Mar, 2008 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter.

Action-Not Available
Vendor-exv2n/a
Product-exv2n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1295
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.94% / 56.56%
||
7 Day CHG~0.00%
Published-12 Mar, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter.

Action-Not Available
Vendor-gregory_kokanoskyn/a
Product-phpmynewslettern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1316
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.91% / 55.74%
||
7 Day CHG~0.00%
Published-13 Mar, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-qt-cuten/a
Product-quicktalk_forumn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1486
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.00% / 58.49%
||
7 Day CHG~0.00%
Published-24 Mar, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.

Action-Not Available
Vendor-phorumn/a
Product-phorumn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.87% / 54.53%
||
7 Day CHG~0.00%
Published-25 Feb, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.

Action-Not Available
Vendor-tinyeventxoopsn/a
Product-tinyeventtiny_event_modulen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0681
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.99% / 78.25%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.

Action-Not Available
Vendor-phpshopn/a
Product-phpshopn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0461
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.00% / 78.43%
||
7 Day CHG~0.00%
Published-25 Jan, 2008 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-francisco_burzin/a
Product-php-nuken/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-6484
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.93% / 56.15%
||
7 Day CHG~0.00%
Published-20 Dec, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-phprpgn/a
Product-phprpgn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-6667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.96% / 57.10%
||
7 Day CHG~0.00%
Published-04 Jan, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413.

Action-Not Available
Vendor-myphpn/a
Product-myphp_forumn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0147
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.91% / 55.74%
||
7 Day CHG~0.00%
Published-09 Jan, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.

Action-Not Available
Vendor-smallnuken/a
Product-smallnuken/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0142
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.84% / 53.54%
||
7 Day CHG~0.00%
Published-08 Jan, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors.

Action-Not Available
Vendor-webportaln/a
Product-webportal_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0388
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.49% / 87.70%
||
7 Day CHG~0.00%
Published-23 Jan, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI.

Action-Not Available
Vendor-n/aWordPress.org
Product-wp_forumn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0453
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.91% / 55.56%
||
7 Day CHG~0.00%
Published-24 Jan, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in list.php in Easysitenetwork Recipe allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.

Action-Not Available
Vendor-easysitenetworkn/a
Product-recipe_website_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0159
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.89% / 77.05%
||
7 Day CHG~0.00%
Published-09 Jan, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.

Action-Not Available
Vendor-eggblogn/a
Product-eggblogn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-5371
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.99% / 58.18%
||
7 Day CHG~0.00%
Published-11 Oct, 2007 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in mutate_content.dynamic.php in MODx 0.9.6 allow remote attackers to execute arbitrary SQL commands via the (1) documentDirty or (2) modVariables parameter.

Action-Not Available
Vendor-modxcmsn/a
Product-modxcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-5458
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.95% / 56.73%
||
7 Day CHG~0.00%
Published-14 Oct, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.

Action-Not Available
Vendor-alorys-hebergementn/a
Product-kwsphpnewsletter_modulen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-5408
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.97% / 57.75%
||
7 Day CHG~0.00%
Published-12 Oct, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote attackers to execute arbitrary SQL commands via the category parameter.

Action-Not Available
Vendor-cplinksn/a
Product-cpdynalinksn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-5646
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.99% / 85.68%
||
7 Day CHG~0.00%
Published-23 Oct, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.

Action-Not Available
Vendor-simple_machinesn/a
Product-simple_machines_forumn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-5141
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.09% / 61.22%
||
7 Day CHG~0.00%
Published-28 Sep, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter.

Action-Not Available
Vendor-sitexn/a
Product-sitex_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-5308
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.12% / 62.15%
||
7 Day CHG~0.00%
Published-09 Oct, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.

Action-Not Available
Vendor-php_homepage_mn/a
Product-php_homepage_mn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-4863
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.18% / 63.89%
||
7 Day CHG~0.00%
Published-30 Oct, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter.

Action-Not Available
Vendor-quirmn/a
Product-saxonn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-4602
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.95% / 56.92%
||
7 Day CHG~0.00%
Published-31 Aug, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-implied_by_designn/a
Product-micro_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2003-1520
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.11% / 61.88%
||
7 Day CHG~0.00%
Published-25 Oct, 2007 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.

Action-Not Available
Vendor-fuzzymonkeyn/a
Product-myclassifiedsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-3447
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.14% / 62.73%
||
7 Day CHG~0.00%
Published-27 Jun, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.

Action-Not Available
Vendor-bugmalln/a
Product-shopping_cartn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-3652
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.04% / 59.85%
||
7 Day CHG~0.00%
Published-09 Jul, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.

Action-Not Available
Vendor-fascriptn/a
Product-fanamen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-24827
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-1.33% / 67.75%
||
7 Day CHG+0.04%
Published-11 Apr, 2022 | 20:13
Updated-23 Apr, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection in elide-datastore-aggregation

Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns (A column that requires a client provided parameter), and a parameterized column of type TEXT. There is the potential for a hacker to provide a carefully crafted query that would bypass server side authorization filters through SQL injection. A recent patch to Elide 6.1.2 allowed the '-' character to be included in parameterized TEXT columns. This character can be interpreted as SQL comments ('--') and allow the attacker to remove the WHERE clause from the generated query and bypass authorization filters. A fix is provided in Elide 6.1.4. The vulnerability only exists for parameterized columns of type TEXT and only for analytic queries (CRUD is not impacted). Workarounds include leveraging a different type of parameterized column (TIME, MONEY, etc) or not leveraging parameterized columns.

Action-Not Available
Vendor-elideYahoo Inc.
Product-elideelide
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-1302
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.25% / 65.76%
||
7 Day CHG~0.00%
Published-07 Mar, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected.

Action-Not Available
Vendor-li-scriptsn/a
Product-li-guestbookn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-1776
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.12% / 62.32%
||
7 Day CHG~0.00%
Published-30 Mar, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action.

Action-Not Available
Vendor-design_for_joomlan/a
Product-d4j_ezinen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-7772
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.97% / 57.74%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 23:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request.

Action-Not Available
Vendor-
Product-u.motion_builderU.Motion
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-7766
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.97% / 57.74%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.

Action-Not Available
Vendor-
Product-u.motion_builderU.Motion
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-7768
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.97% / 57.74%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter.

Action-Not Available
Vendor-
Product-u.motion_builderU.Motion
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-7773
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.97% / 57.74%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter.

Action-Not Available
Vendor-
Product-u.motion_builderU.Motion
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-7769
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.97% / 57.74%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.

Action-Not Available
Vendor-
Product-u.motion_builderU.Motion
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-7767
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.97% / 57.74%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter.

Action-Not Available
Vendor-
Product-u.motion_builderU.Motion
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-6048
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.38% / 68.78%
||
7 Day CHG~0.00%
Published-22 Nov, 2006 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-etomiten/a
Product-etomiten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-7774
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.97% / 57.74%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.

Action-Not Available
Vendor-
Product-u.motion_builderU.Motion
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-7765
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-2.92% / 85.33%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 00:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter.

Action-Not Available
Vendor-
Product-u.motion_builderU.Motion
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-5829
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.17% / 63.62%
||
7 Day CHG~0.00%
Published-10 Nov, 2006 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php.

Action-Not Available
Vendor-aiocpn/a
Product-aiocpn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-1731
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.16% / 63.37%
||
7 Day CHG~0.00%
Published-16 May, 2022 | 18:25
Updated-03 Aug, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist.

Action-Not Available
Vendor-allgeiern/a
Product-metasonic_doc_webclientMetasonic Doc WebClient
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-0868
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.57% / 83.26%
||
7 Day CHG~0.00%
Published-18 Jul, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development Group
Product-postgresqln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • Next
Details not found