Export limit exceeded: 357515 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19359 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2036 | 1 Geekbill | 1 Open Biller | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2009-2034 | 1 Ricardo Alexandre De Oliveira Staudt | 1 Yogurt | 2026-04-23 | N/A |
| SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter. | ||||
| CVE-2009-2023 | 1 Shop-script | 1 Shop-script | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter. | ||||
| CVE-2009-2021 | 1 Virtuenetz | 1 Virtue Classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter. | ||||
| CVE-2009-2019 | 1 Virtuenetz | 1 Virtue News Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter. | ||||
| CVE-2009-2018 | 1 Jaredeckersley | 1 Mycars | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter. | ||||
| CVE-2009-2017 | 1 Virtuenetz | 1 Virtue Book Store | 2026-04-23 | N/A |
| SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2009-2014 | 1 Joomla | 2 Com School, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php. | ||||
| CVE-2009-2013 | 1 Frontisgroup | 1 Frontis | 2026-04-23 | N/A |
| SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action. | ||||
| CVE-2009-2008 | 1 Dokeos | 1 Dokeos | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2. | ||||
| CVE-2009-2004 | 1 Dokeos | 1 Dokeos | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902. | ||||
| CVE-2009-1952 | 1 Propertymaxpro | 1 Propertymax Pro Free | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the administrative login feature in PropertyMax Pro FREE 0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | ||||
| CVE-2009-1950 | 1 Ahmet Donmez | 1 Webeyes Guest Book | 2026-04-23 | N/A |
| SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter. | ||||
| CVE-2009-1913 | 1 Luxbum | 1 Luxbum | 2026-04-23 | N/A |
| SQL injection vulnerability in manager.php in LuxBum 0.5.5, when magic_quotes_gpc is disabled and dotclear authentication is used, allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | ||||
| CVE-2009-1910 | 1 Rafal Kucharski | 1 Rtwebalbum | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter. | ||||
| CVE-2009-1909 | 1 Openskip | 1 Skip | 2026-04-23 | N/A |
| SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-1853 | 1 Kenseiboard | 1 Kensei Board | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Kensei Board 2.0 BETA (aka 2.0.0b) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) f and (2) t parameters in a showforum action. | ||||
| CVE-2009-1852 | 1 Graphiks | 1 Myforum | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | ||||
| CVE-2009-1851 | 1 Benjamin Curtis | 1 Phpbugtracker | 2026-04-23 | N/A |
| SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-2122 | 2 Paolo Palmonari, Wordpress | 2 Photoracer Plugin For Wordpress, Wordpress | 2026-04-23 | N/A |
| SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||