Search Results (19670 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2593 1 Censura 1 Censura 2026-04-23 N/A
SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action.
CVE-2009-3644 2 Joomla, Soundset 2 Joomla\!, Com Soundset 2026-04-23 N/A
SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php.
CVE-2009-2592 1 Phpjunkyard 1 Gbook 2026-04-23 N/A
SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 allows remote attackers to execute arbitrary SQL commands via the mes_id parameter.
CVE-2009-2545 1 Anelectron 1 Advanced Electron Forum 2026-04-23 N/A
SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2883 1 Arabless 1 Saphplesson 2026-04-23 N/A
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
CVE-2009-2782 2 Jfusion, Joomla 2 Com Jfusion, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2007-1897 1 Wordpress 1 Wordpress 2026-04-23 N/A
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
CVE-2009-2345 1 Clansphere 1 Clansphere 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components.
CVE-2008-6365 1 Adserversolutions 1 Ad Management Software 2026-04-23 N/A
SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to the uname or pass parameters to logon.jsp or logon_processing.jsp. NOTE: some of these details are obtained from third party information.
CVE-2008-4766 1 O2php 1 Oxygen Bulletin Board 2026-04-23 N/A
SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6017 1 I-rater 1 I-rater Basic 2026-04-23 N/A
SQL injection vulnerability in messages.php in I-Rater Basic allows remote attackers to execute arbitrary SQL commands via the idp parameter.
CVE-2009-2339 1 Rentventory 1 Rentventory 2026-04-23 N/A
SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter.
CVE-2009-2337 1 W3bcms 2 Gaestebuch Guestbook Module, W3bcms 2026-04-23 N/A
SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter.
CVE-2009-2326 1 Max Kervin 1 Kervinet Forum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leveraged for a cross-site scripting (XSS) attack.
CVE-2007-4611 1 Dale Mooney 1 Calendar Events 2026-04-23 N/A
SQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2254 1 Zen-cart 1 Zen Cart 2026-04-23 N/A
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue.
CVE-2009-1508 1 Keir Davis 1 X-forum 2026-04-23 N/A
SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php.
CVE-2009-2243 1 Aaronoutpost 1 Asp Inline Corporate Calendar 2026-04-23 N/A
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2236 1 Yourarticlesdirectory 1 Your Articles Directory 2026-04-23 N/A
SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-2235 1 Yourarticlesdirectory 1 Your Articles Directory 2026-04-23 N/A
SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.