Search Results (364578 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4879 1 Maran 1 Php Shop 2026-04-23 N/A
SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880.
CVE-2008-4880 1 Maran 1 Php Shop 2026-04-23 N/A
SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.
CVE-2008-4881 1 Yourfreeworld 1 Reminder Service Script 2026-04-23 N/A
SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4882 1 Yourfreeworld 1 Autoresponder Hosting Script 2026-04-23 N/A
SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4883 1 Yourfreeworld 1 Blog Blaster Script 2026-04-23 N/A
SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4884 1 Yourfreeworld 1 Classifieds Hosting Script 2026-04-23 N/A
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4885 1 Yourfreeworld 1 Scrolling Text Ads Script 2026-04-23 N/A
SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4886 1 Yourfreeworld 1 Shopping Cart Script 2026-04-23 N/A
SQL injection vulnerability in index.php in YourFreeWorld Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the c parameter.
CVE-2008-4887 1 Netrisk 1 Netrisk 2026-04-23 N/A
SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) profile page (profile.php) or (2) game page (game.php). NOTE: some of these details are obtained from third party information.
CVE-2008-4888 1 Netrisk 1 Netrisk 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-4889 1 Dev\!l\'s 1 Clanportal 2026-04-23 N/A
SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.
CVE-2008-4890 1 1st News 1 4 Professional 2026-04-23 N/A
SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4891 1 Planetluc 1 Signme 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetluc SignMe 1.5 before 1.55 allows remote attackers to inject arbitrary web script or HTML via the hash parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-4892 1 Planetluc 1 Mygallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier, and possibly other versions before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via the mghash parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-4893 1 Tribiq 1 Tribiq Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the template_path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4894 1 Tribiq 1 Tribiq Cms 2026-04-23 N/A
Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. NOTE: it was later reported that this issue also affects 5.0.12c.
CVE-2008-4895 1 Yourfreeworld 1 Downline Builder Script 2026-04-23 N/A
SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4896 1 Logz 1 Logz 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in Logz CMS 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the art parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4897 1 Logz 1 Logz 2026-04-23 N/A
SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter.
CVE-2008-4898 1 Planetluc 1 Rateme 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the rate parameter in a submit rate action.