Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4925 | 1 Creasito | 1 Creasito E-commerce Content Manager | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php. | |||||
| CVE-2009-4794 | 1 Community Cms | 1 Community Cms | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php. | |||||
| CVE-2009-4796 | 1 Glfusion | 1 Glfusion | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php. | |||||
| CVE-2009-4805 | 1 Will Kraft | 1 Ez-blog | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php. | |||||
| CVE-2009-4351 | 1 Wscreator | 1 Wscreator | 2018-10-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter. | |||||
| CVE-2009-4719 | 1 Bob Jewell | 1 Discloser | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows remote attackers to execute arbitrary SQL commands via the more parameter. | |||||
| CVE-2009-4742 | 1 Docebo | 1 Docebo | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to the certificate module, reachable through index.php. | |||||
| CVE-2009-4791 | 1 Ryan Haudenschilt | 1 Family Connections | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and (5) email parameter to lostpw.php. | |||||
| CVE-2009-4386 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors. | |||||
| CVE-2009-4470 | 1 Dvbbs | 1 Dvbbs | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter. | |||||
| CVE-2009-4571 | 1 Phpshop | 1 Phpshop | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681. | |||||
| CVE-2009-4745 | 1 Dreamlevels | 1 Dreampoll | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action. | |||||
| CVE-2009-4783 | 1 Mntechsolutions | 1 Theeta Cms | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to execute arbitrary SQL commands via the start parameter to (1) forum.php and (2) thread.php in community/, and (3) blog/index.php. | |||||
| CVE-2009-4084 | 1 E107 | 1 E107 | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4155 | 1 Eshopbuilder | 1 Eshopbuilde Cms | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrary SQL commands via the sitebid parameter to (1) home-f.asp and (2) opinions-f.asp; (3) sitebid, (4) id, (5) secText, (6) client-ip, and (7) G_id parameters to more-f.asp; (8) sitebid, (9) id, (10) ma_id, (11) mi_id, (12) secText, (13) client-ip, and (14) G_id parameters to selectintro.asp; (15) sitebid, (16) secText, (17) adv_code, and (18) client-ip parameters to advcount.asp; (19) sitebid, (20) secText, (21) Grp_Code, (22) _method, and (23) client-ip parameters to advview.asp; and (24) sitebid, (25) secText, (26) newsId, and (27) client-ip parameters to dis_new-f.asp. | |||||
| CVE-2009-3703 | 2 Fahlstad, Wordpress | 2 Wp-forum, Wordpress | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php. | |||||
| CVE-2009-3806 | 1 Dedecms | 1 Dedecms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter. | |||||
| CVE-2009-3913 | 1 Xerox | 1 Fiery Webtools | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter. | |||||
| CVE-2009-3582 | 1 Sql-ledger | 1 Sql-ledger | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation. | |||||
| CVE-2009-3665 | 1 Nullam | 1 Nullam Blog | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) i parameter or (2) v parameters in a register action. | |||||
| CVE-2009-3040 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php. | |||||
| CVE-2009-3494 | 1 Todor Lazarov | 1 T-htb Manager | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors. | |||||
| CVE-2009-3532 | 2 Logrover, Microsoft | 2 Logrover, Windows | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3042 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040. | |||||
| CVE-2009-3215 | 2 Joomla, Php-shop-system | 2 Joomla, Ixxo Cart | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. | |||||
| CVE-2009-3319 | 1 Dimofinf | 1 Dawaween | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018. | |||||
| CVE-2009-3357 | 2 Joomla, Joomlahbs | 2 Joomla, Com Hbssearch | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875. | |||||
| CVE-2009-3439 | 1 Alienvault | 1 Ossim | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu. | |||||
| CVE-2009-2734 | 1 Achievo | 1 Achievo | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php. | |||||
| CVE-2009-2933 | 1 Piwigo | 1 Piwigo | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter. | |||||
| CVE-2009-2573 | 1 Bioscripts | 1 Minitwitter | 2018-10-10 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php. | |||||
| CVE-2009-2608 | 1 Chatelao | 1 Php Address Book | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565. | |||||
| CVE-2009-2451 | 1 Mim.infinix | 1 Infinix | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters in a calendar action, or (3) a search term in the search form. | |||||
| CVE-2009-2598 | 1 Onlinegrades | 1 Online Grades | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php. | |||||
| CVE-2009-2579 | 1 Cs-cart | 1 Cs-cart | 2018-10-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2. | |||||
| CVE-2009-2269 | 1 Phome Empire | 1 Phome Empire Cms | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/. | |||||
| CVE-2009-2097 | 1 Zokisoft | 1 Zoki Catalog | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2036 | 1 Geekbill | 1 Open Biller | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-2010 | 1 Haudenschilt | 1 Family Connections Cms | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter. | |||||
| CVE-2009-1910 | 1 Rafal Kucharski | 1 Rtwebalbum | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter. | |||||
| CVE-2009-2354 | 1 Nulllogic | 1 Groupware | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-2164 | 1 Kjtechforce | 1 Mailman | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php. | |||||
| CVE-2009-2157 | 1 Torrenttrader | 1 Torrenttrader Classic | 2018-10-10 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php; (4) the choice parameter to index.php; (5) the id parameter to modrules.php in an edited (aka edit) action; the (6) user, (7) torrent, (8) forumid, and (9) forumpost parameters to report.php; (10) the delmp parameter to take-deletepm.php; (11) the delreport parameter to takedelreport.php; (12) the delreq parameter to takedelreq.php; (13) the clases parameter to takestaffmess.php; and (14) the warndisable parameter to takewarndisable.php; and allow remote attackers to execute arbitrary SQL commands via (15) the wherecatin parameter to browse.php, (16) the limit parameter to today.php, and (17) the where parameter to torrents-details.php. | |||||
| CVE-2009-2359 | 1 Yasinkaplan | 1 Tekradius | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command. | |||||
| CVE-2009-2361 | 1 Osticket | 1 Osticket | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter. | |||||
| CVE-2009-2290 | 2 Joomla, Kim Eckert | 2 Joomla\!, Com Bsadv | 2018-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php. | |||||
| CVE-2009-1766 | 1 Teozkr | 1 Lightopencms | 2018-10-10 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1843 | 1 Glenn Mcgurrin | 1 Flash Quiz | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php; and the (2) order_number parameter to (g) answers.php and (h) question.php. | |||||
| CVE-2009-1778 | 1 Bigace | 1 Bigace Cms | 2018-10-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-1584 | 1 R020 | 1 Tematres | 2018-10-10 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php. | |||||