CVE List by Type: SQL Injection (Filtered by Published Year)

Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing SQL Injection CVEs published in 2008. View full CVE list

Showing 4160 of 1092 results
«« First « Prev Page 3 / 55 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2008-5648 SQL injection vulnerability in admin/login.php in DeltaScripts PHP Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the admin_username parameter. NOTE: some of these details are obtained from third party information. 7.5 0.97% 2008-12-17 2026-06-16
CVE-2008-5643 SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php. 7.5 0.97% 2008-12-17 2026-06-16
CVE-2008-5641 SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. 7.5 1.01% 2008-12-17 2026-06-16
CVE-2008-5640 SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. 7.5 1.20% 2008-12-17 2026-06-16
CVE-2008-5638 Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp. 7.5 1.01% 2008-12-17 2026-06-16
CVE-2008-5637 SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter. 7.5 1.99% 2008-12-17 2026-06-16
CVE-2008-5636 SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter. 6.8 1.12% 2008-12-17 2026-06-16
CVE-2008-5635 SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. 7.5 1.01% 2008-12-17 2026-06-16
CVE-2008-5634 SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. 7.5 1.01% 2008-12-17 2026-06-16
CVE-2008-5633 SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. 7.5 1.00% 2008-12-17 2026-06-16
CVE-2008-5632 SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. 7.5 1.02% 2008-12-17 2026-06-16
CVE-2008-5631 SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information. 7.5 1.00% 2008-12-17 2026-06-16
CVE-2008-5630 SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter. 6.8 1.12% 2008-12-17 2026-06-16
CVE-2008-5629 SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action. 7.5 0.98% 2008-12-17 2026-06-16
CVE-2008-5628 SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter. 6.8 0.91% 2008-12-17 2026-06-16
CVE-2008-5627 SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information. 7.5 1.00% 2008-12-17 2026-06-16
CVE-2008-5609 SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 7.5 1.05% 2008-12-16 2026-06-16
CVE-2008-5607 SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. 7.5 1.00% 2008-12-16 2026-06-16
CVE-2008-5605 Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp. 7.5 2.08% 2008-12-16 2026-06-16
CVE-2008-5599 SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information. 7.5 1.04% 2008-12-16 2026-06-16
«« First « Prev Page 3 / 55 Next »
cvelogic Threat Intelligence