Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2309 | 1 Codice-cms | 1 Codice Cms | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter. | |||||
| CVE-2009-2310 | 1 Bow Der Kleine | 1 X-blc | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. | |||||
| CVE-2009-2311 | 2 Selbstzweck, Woltlab | 2 Rgallery Plugin, Burning Board | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627. | |||||
| CVE-2009-2337 | 1 W3bcms | 2 Gaestebuch Guestbook Module, W3bcms | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter. | |||||
| CVE-2009-2339 | 1 Rentventory | 1 Rentventory | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter. | |||||
| CVE-2009-2340 | 1 Opial | 1 Opial | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2341 | 1 Shalwan | 1 Opial | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter. | |||||
| CVE-2009-2366 | 1 Datachecknh | 2 Forumpal, Forumpal Fe | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2383 | 2 Blogtrafficexchange, Wordpress | 2 Related-sites, Wordpress | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter. | |||||
| CVE-2009-2385 | 2 Fustrate, Simple Machines | 2 Member Awards, Smf | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2389 | 1 Usolved | 1 Newsolved | 2017-09-19 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter. | |||||
| CVE-2009-2390 | 2 F-cimag-in, Joomla | 2 Com Bookflip, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php. | |||||
| CVE-2009-2392 | 1 Virtuenetz | 1 Virtue Online Test Generator | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
| CVE-2009-2394 | 2 Mr Saphp Arabic Mobile, Smspages | 2 Messages Library, Smspages | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) 2.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | |||||
| CVE-2009-2395 | 2 Joomla, Joomlaworks | 2 Joomla\!, Com K2 | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php. | |||||
| CVE-2009-2400 | 2 Fijiwebdesign, Joomla | 2 Com Php, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2009-2402 | 1 Phpecho Cms | 1 Phpecho Cms | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355. | |||||
| CVE-2009-2553 | 1 Supersimple | 1 Super Simple Blog Script | 2017-09-19 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter. | |||||
| CVE-2009-2554 | 2 Joomla, Olle Johansson | 2 Joomla, Jobline | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to index.php, which invokes the search method from the searchJobPostings function in jobline.php. | |||||
| CVE-2009-2567 | 2 Almondsoft, Joomla | 2 Almond Classifieds, Joomla\! | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2009-2585 | 1 Mlffat | 1 Mlffat | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731. | |||||
| CVE-2009-2591 | 2 E-xoopport, Runcms | 2 E-xoopport, Myannonces | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewannonces action to index.php. | |||||
| CVE-2009-2592 | 1 Phpjunkyard | 1 Gbook | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 allows remote attackers to execute arbitrary SQL commands via the mes_id parameter. | |||||
| CVE-2009-2593 | 1 Censura | 1 Censura | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action. | |||||
| CVE-2009-2599 | 1 Radscripts | 1 Radclassifieds | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action. | |||||
| CVE-2009-2601 | 2 Joomla, Joomlaequipment | 2 Joomla\!, Juser | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php. | |||||
| CVE-2009-2603 | 1 E-supportportal | 1 Escon Supportportal Pro | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) tid parameters. | |||||
| CVE-2009-2604 | 1 Zenhelpdesk | 1 Zen Help Desk | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp. | |||||
| CVE-2009-2605 | 1 Traidnt | 1 Traidnt Up | 2017-09-19 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php. | |||||
| CVE-2009-2607 | 2 Joomla, Pinme | 2 Joomla, Com Pinboard | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php. | |||||
| CVE-2009-2609 | 2 Amotools, Joomla | 2 Com Amocourse, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. | |||||
| CVE-2009-2618 | 1 Maxdev | 1 Mdpro | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php. | |||||
| CVE-2009-2638 | 2 Joomla, Konze | 2 Joomla, Com Akobook | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php. | |||||
| CVE-2009-2639 | 1 Mrcgiguy | 1 The Ticket System | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action. | |||||
| CVE-2009-2735 | 1 Sun-jester | 1 Opennews | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-2774 | 1 Php-paid4mail | 1 Php-paid4mail | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2009-2775 | 1 Phparcadescript | 1 Phparcadescript | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2777 | 1 Garagesalesjunkie | 1 Garagesales Script | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2009-2781 | 1 Arabportal | 1 Arab Portal | 2017-09-19 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666. | |||||
| CVE-2009-2782 | 2 Jfusion, Joomla | 2 Com Jfusion, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2009-2786 | 2 Punbb, Reputation | 2 Punbb, Reputation | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter. | |||||
| CVE-2009-2788 | 1 Mobilelib | 1 Mobilelib Gold | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php. | |||||
| CVE-2009-2881 | 1 Artis.imag | 1 Basilic | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/. | |||||
| CVE-2009-2924 | 1 Videosbroadcastyourself | 1 Videos Broadcast Yourself | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php. | |||||
| CVE-2009-2883 | 1 Arabless | 1 Saphplesson | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php. | |||||
| CVE-2009-2892 | 1 Scripteen | 1 Free Image Hosting Script | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie. | |||||
| CVE-2009-2895 | 1 Phpsugar | 1 Ultimate Regnow Affiliate | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2009-2926 | 1 Phpcompet.free | 1 Php Competition System | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php. | |||||
| CVE-2009-2921 | 1 Mocdesigns | 1 Php News | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field). | |||||
| CVE-2009-2927 | 1 Digitalspinners | 1 Ds Cms | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter. | |||||