Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19010 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2428 | 1 Tauschregal.de | 1 Tausch Ticket Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors. | ||||
| CVE-2009-2436 | 1 Phponlinedatingsoftware | 1 Myphpdating | 2026-04-23 | N/A |
| SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | ||||
| CVE-2009-2439 | 1 Web Development House | 1 Alibaba Clone | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group. | ||||
| CVE-2009-2451 | 1 Mim.infinix | 1 Infinix | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters in a calendar action, or (3) a search term in the search form. | ||||
| CVE-2009-2545 | 1 Anelectron | 1 Advanced Electron Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2553 | 1 Supersimple | 1 Super Simple Blog Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter. | ||||
| CVE-2009-2554 | 2 Joomla, Olle Johansson | 2 Joomla, Jobline | 2026-04-23 | N/A |
| SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to index.php, which invokes the search method from the searchJobPostings function in jobline.php. | ||||
| CVE-2009-2567 | 2 Almondsoft, Joomla | 2 Almond Classifieds, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | ||||
| CVE-2009-2573 | 1 Bioscripts | 1 Minitwitter | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php. | ||||
| CVE-2009-2579 | 1 Cs-cart | 1 Cs-cart | 2026-04-23 | N/A |
| SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2. | ||||
| CVE-2009-2585 | 1 Mlffat | 1 Mlffat | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731. | ||||
| CVE-2009-3417 | 2 Idojoomla, Joomla | 2 Com Idoblog, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627. | ||||
| CVE-2009-3418 | 1 Plume-cms | 1 Plume Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3419 | 1 Intesync | 1 Miniweb | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter. | ||||
| CVE-2009-3430 | 1 Allomani | 1 Mobile | 2026-04-23 | N/A |
| SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | ||||
| CVE-2009-3434 | 3 Joomla, Mambo, Onestopjoomla | 3 Joomla, Mambo, Com Tupinambis | 2026-04-23 | N/A |
| SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php. | ||||
| CVE-2009-3436 | 1 Maxwebportal | 1 Maxwebportal | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID or (2) CAT_ID parameter. NOTE: this might overlap CVE-2005-1417. | ||||
| CVE-2009-3438 | 2 Joomla, Witchakorn Kamolpornwijit | 2 Joomla, Com Facebook | 2026-04-23 | N/A |
| SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php. | ||||
| CVE-2009-3439 | 1 Alienvault | 1 Ossim | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu. | ||||
| CVE-2009-3443 | 2 Fastballproductions, Joomla | 2 Com Fastball, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php. | ||||