CVE List by Type: SQL Injection (Filtered by Published Year)

Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing SQL Injection CVEs published in 2008. View full CVE list

Showing 2140 of 1092 results
«« First « Prev Page 2 / 55 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2008-5767 SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter. 7.5 0.97% 2008-12-30 2026-06-16
CVE-2008-5766 SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter. 7.5 1.99% 2008-12-30 2026-06-16
CVE-2008-5751 SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action. 7.5 0.97% 2008-12-30 2026-06-16
CVE-2008-5739 SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter. 7.5 2.08% 2008-12-26 2026-06-16
CVE-2008-5737 SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter. 7.5 1.18% 2008-12-26 2026-06-16
CVE-2008-5733 SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter. 7.5 1.00% 2008-12-26 2026-06-16
CVE-2008-5727 SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string. 6.8 1.89% 2008-12-26 2026-06-16
CVE-2008-5726 SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. 7.5 1.00% 2008-12-26 2026-06-16
CVE-2008-5707 SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter. 7.5 0.91% 2008-12-24 2026-06-16
CVE-2008-4303 Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and earlier allow remote attackers to execute arbitrary SQL commands via the loginForm parameter to general/login.php, and unspecified other vectors. 6.8 1.18% 2008-12-23 2026-06-16
CVE-2008-2380 SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes. 5.1 1.82% 2008-12-22 2026-06-16
CVE-2008-1094 SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter. 6.5 1.98% 2008-12-19 2026-06-16
CVE-2008-5665 SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter. 7.5 0.97% 2008-12-18 2026-06-16
CVE-2008-5655 Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 7.5 0.91% 2008-12-17 2026-06-16
CVE-2008-5654 SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344. NOTE: some of these details are obtained from third party information. 7.5 1.04% 2008-12-17 2026-06-16
CVE-2008-5653 SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information. 7.5 1.01% 2008-12-17 2026-06-16
CVE-2008-5652 SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information. 7.5 1.24% 2008-12-17 2026-06-16
CVE-2008-5651 SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the Parent parameter. 7.5 2.27% 2008-12-17 2026-06-16
CVE-2008-5650 SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter. 7.5 1.05% 2008-12-17 2026-06-16
CVE-2008-5649 SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter. 10.0 1.78% 2008-12-17 2026-06-16
«« First « Prev Page 2 / 55 Next »
cvelogic Threat Intelligence