Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2008. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2008-5595 | SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 | 1.15% | 2008-12-16 | 2026-06-16 |
| CVE-2008-5590 | SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter. | 7.5 | 0.97% | 2008-12-16 | 2026-06-16 |
| CVE-2008-5589 | SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information. | 7.5 | 1.00% | 2008-12-16 | 2026-06-16 |
| CVE-2008-5588 | SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter. | 7.5 | 0.97% | 2008-12-16 | 2026-06-16 |
| CVE-2008-5586 | SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter. | 6.8 | 0.95% | 2008-12-16 | 2026-06-16 |
| CVE-2008-5582 | SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter. | 7.5 | 1.00% | 2008-12-15 | 2026-06-16 |
| CVE-2008-5578 | Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allow remote attackers to execute arbitrary SQL commands via (1) the f parameter in a showforum action, (2) the u parameter in a profile action, (3) the viewcat parameter, or (4) a combination of scb_uid and scb_ident cookie values. | 7.5 | 1.00% | 2008-12-15 | 2026-06-16 |
| CVE-2008-5574 | SQL injection vulnerability in member.php in Webmaster Marketplace allows remote attackers to execute arbitrary SQL commands via the u parameter. | 7.5 | 2.35% | 2008-12-15 | 2026-06-16 |
| CVE-2008-5573 | SQL injection vulnerability in the login feature in Poll Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) Password and (2) username parameters. | 7.5 | 1.20% | 2008-12-15 | 2026-06-16 |
| CVE-2008-5571 | SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information. | 7.5 | 2.37% | 2008-12-15 | 2026-06-16 |
| CVE-2008-5561 | SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php. | 7.5 | 0.97% | 2008-12-15 | 2026-06-16 |
| CVE-2008-5559 | SQL injection vulnerability in sendcard.cfm in PostEcards allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 | 1.04% | 2008-12-15 | 2026-06-16 |
| CVE-2008-5496 | SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 | 1.19% | 2008-12-12 | 2026-06-16 |
| CVE-2008-5494 | SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 | 1.00% | 2008-12-12 | 2026-06-16 |
| CVE-2008-5493 | SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.19% | 2008-12-12 | 2026-06-16 |
| CVE-2008-5491 | SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter. | 7.5 | 0.97% | 2008-12-12 | 2026-06-16 |
| CVE-2008-5490 | SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.15% | 2008-12-12 | 2026-06-16 |
| CVE-2008-5489 | SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter. | 7.5 | 1.15% | 2008-12-12 | 2026-06-16 |
| CVE-2008-5488 | SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter. | 7.5 | 1.18% | 2008-12-12 | 2026-06-16 |
| CVE-2008-5486 | SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.04% | 2008-12-12 | 2026-06-16 |