Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2929 | 1 Tgs-cms | 1 Tgs Content Management | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions. | |||||
| CVE-2009-3052 | 2 Absoluteanime, Phpbb | 2 Prime Quick Style, Phpbb | 2017-09-19 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the prime_quick_style parameter to ucp.php. | |||||
| CVE-2009-3054 | 2 Artetics, Joomla | 2 Com Artportal, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php. | |||||
| CVE-2009-3062 | 1 Phplivesupport. | 1 Phplive\! | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote attackers to execute arbitrary SQL commands via the deptid parameter. | |||||
| CVE-2009-3063 | 2 Indianpulses, Joomla | 2 Com Gameserver, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php. | |||||
| CVE-2009-3175 | 1 Boldfx | 1 Model Agency Manager Pro | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php. | |||||
| CVE-2009-3116 | 1 Uiga | 1 Church Portal | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action. | |||||
| CVE-2009-3117 | 1 Snowhall | 1 Silurus System | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2009-3148 | 1 Portalxp | 1 Portalxp | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php. | |||||
| CVE-2009-3150 | 1 Multi-website | 1 Multi Website | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action. | |||||
| CVE-2009-3154 | 2 Almondsoft, Joomla | 2 Com Aclassf, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567. | |||||
| CVE-2009-3185 | 1 Comsenz | 2 Crazy Star Plugin, Discuz\! | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action. | |||||
| CVE-2009-4561 | 1 Worms-league | 1 Webleague | 2017-09-19 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-3190 | 1 Pad-site-scripts | 1 Pad Site Scripts | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php. | |||||
| CVE-2009-3193 | 2 Joomla, Uwix | 2 Joomla, Com Digifolio | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php. | |||||
| CVE-2009-3217 | 1 Wiccle | 1 Iwiccle | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php. | |||||
| CVE-2009-3218 | 1 The-ghost | 1 Ar Web Content Manager | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-3223 | 1 Inoutscripts | 1 Inout Adserver | 2017-09-19 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-3224 | 2 68classifieds, Classified-software | 2 68 Classifieds, Super Mod System | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter. | |||||
| CVE-2009-3246 | 1 Mybuxscript | 1 Pts-bux | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3252 | 1 Dave Robinson | 1 Rockbandcms | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters. | |||||
| CVE-2009-3308 | 1 Fanupdate | 1 Fanupdate | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | |||||
| CVE-2009-3309 | 1 Cfshopkart | 1 Cf Shopkart | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320. | |||||
| CVE-2009-3310 | 1 Shalwan | 1 Zainu | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action. | |||||
| CVE-2009-3313 | 1 Fmyclone | 1 Fmyclone | 2017-09-19 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php. | |||||
| CVE-2009-3314 | 1 Eliteladders | 1 Elite Gaming Ladders | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter. | |||||
| CVE-2009-3315 | 1 Nelogic | 1 Nephp Publisher | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field. | |||||
| CVE-2009-3316 | 2 Jforjoomla, Joomla | 2 Com Jreservation, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php. | |||||
| CVE-2009-3321 | 1 Saphplesson | 1 Saphplesson | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header. | |||||
| CVE-2009-3325 | 2 Focusdev, Joomla | 2 Com Surveymanager, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php. | |||||
| CVE-2009-3326 | 1 Cmscontrol | 1 Cmscontrol | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CMScontrol Content Management System 7.x allows remote attackers to execute arbitrary SQL commands via the id_menu parameter. | |||||
| CVE-2009-3327 | 1 Webilix | 1 Wx-guestbook | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3330 | 1 Cpecreator | 1 Cp Creator | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in cP Creator 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tickets parameter in a support ticket action. | |||||
| CVE-2009-3332 | 2 Joomla, Sopinet | 2 Joomla, Com Jbudgetsmagic | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php. | |||||
| CVE-2009-3334 | 2 Joomla, Lhacky | 2 Joomla\!, Com Jinc | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php. | |||||
| CVE-2009-3335 | 2 Joomla, Turtus | 2 Joomla\!, Turtushout | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field. | |||||
| CVE-2009-3336 | 1 Phpprobid | 1 Php Pro Bid | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auction_details.php in PHP Pro Bid allows remote attackers to execute arbitrary SQL commands via the auction_id parameter. | |||||
| CVE-2009-3343 | 1 Hotwebscripts | 1 Hotweb Rentals | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter. | |||||
| CVE-2009-3349 | 1 Datavore | 1 Gyro | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component. | |||||
| CVE-2009-3356 | 1 Plohni | 1 Image Voting | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Image voting 1.0 allows remote attackers to execute arbitrary SQL commands via the show parameter. | |||||
| CVE-2009-3358 | 1 Tourismscripts | 1 Adult Portal Escort Listing | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2009-3361 | 1 Paul Gibbs | 1 Php-ipnmonitor | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP-IPNMonitor allows remote attackers to execute arbitrary SQL commands via the maincat_id parameter. | |||||
| CVE-2009-3430 | 1 Allomani | 1 Mobile | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | |||||
| CVE-2009-3417 | 2 Idojoomla, Joomla | 2 Com Idoblog, Joomla\! | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627. | |||||
| CVE-2009-3419 | 1 Intesync | 1 Miniweb | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter. | |||||
| CVE-2009-3446 | 2 Joomla, Rick Estrada | 2 Joomla, Com Mytube | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php. | |||||
| CVE-2009-3510 | 1 Dataspheric | 1 Linkspheric | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter. | |||||
| CVE-2009-3531 | 1 Universe | 1 Universe Cms | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-3514 | 1 Marcin Manek | 1 D.net Cms | 2017-09-19 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php. | |||||
| CVE-2009-3528 | 1 Al4us | 1 Mymsg | 2017-09-19 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action. | |||||