Search Results (19656 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2601 2 Joomla, Joomlaequipment 2 Joomla\!, Juser 2026-04-23 N/A
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.
CVE-2009-4338 2 Jean-david Gadina, Typo3 2 Slideshow, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-0727 1 Tony Iha Kazungu 1 Taifajobs 2026-04-23 N/A
SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
CVE-2009-0728 2 Maxdev, Postnuke 3 Md-pro, My Egallery, Postnuke 2026-04-23 N/A
SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php.
CVE-2009-3208 1 Prakashatma Mishra 1 Phpfreebb 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php.
CVE-2009-3209 1 Raizlabs 1 Php Email Manager 2026-04-23 N/A
SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-3212 1 Dimofinf 1 Infinity Script 2026-04-23 N/A
SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field.
CVE-2009-4339 2 Stephan Vits, Typo3 2 Mf Subscription, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-4394 2 Fr.simon Rundell, Typo3 2 Ste Prayer2, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4399 2 Fr.simon Rundell, Typo3 2 Hs Religiousartgallery, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4401 2 Fr.simon Rundell, Typo3 2 Ste Parish Admin, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4414 1 Phpgroupware 1 Phpgroupware 2026-04-23 N/A
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.
CVE-2008-5665 1 Xoops 1 Xoops 2026-04-23 N/A
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVE-2009-4561 1 Worms-league 1 Webleague 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-1038 1 Yap 1 Yap Blog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.
CVE-2009-3335 2 Joomla, Turtus 2 Joomla\!, Turtushout 2026-04-23 N/A
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.
CVE-2009-3337 1 S9y 1 Serendipity Event Freetag 2026-04-23 N/A
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.
CVE-2009-3342 2 Alphaplug, Joomla 2 Com Alphauserpoints, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter.
CVE-2009-3343 1 Hotwebscripts 1 Hotweb Rentals 2026-04-23 N/A
SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.
CVE-2009-2883 1 Arabless 1 Saphplesson 2026-04-23 N/A
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.