Search Results (19727 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4600 1 Netartmedia 1 Media Real Estate Portal 2026-04-23 N/A
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username field). NOTE: some of these details are obtained from third party information.
CVE-2008-5270 1 Wareziz 1 Yuhhu Superstar 2008 2026-04-23 N/A
SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter.
CVE-2009-4599 2 Joomla, Joomshark 2 Joomla, Com Jsjobs 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
CVE-2009-4598 2 Corephp, Joomla 2 Com Jphoto, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
CVE-2008-7077 1 Relative 1 Sailplanner 2026-04-23 N/A
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
CVE-2008-7071 1 Chipmunk-scripts 1 Chipmunk Topsites 2026-04-23 N/A
SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php. NOTE: some of these details are obtained from third party information.
CVE-2009-4595 1 Phpwares 1 Php Inventory 2026-04-23 N/A
SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4591 1 Secureideas 1 Base 2026-04-23 N/A
SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2359 1 Yasinkaplan 1 Tekradius 2026-04-23 N/A
Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command.
CVE-2009-2638 2 Joomla, Konze 2 Joomla, Com Akobook 2026-04-23 N/A
SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.
CVE-2009-2639 1 Mrcgiguy 1 The Ticket System 2026-04-23 N/A
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.
CVE-2008-5924 1 Asp-dev 1 Xm Events Diary 2026-04-23 N/A
SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4305 1 Moodle 1 Moodle 2026-04-23 N/A
SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."
CVE-2008-4204 1 Softacid 1 Hotel Reservation System 2026-04-23 N/A
SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation System (HRS) allows remote attackers to execute arbitrary SQL commands via the city parameter.
CVE-2008-5273 1 Toddwoolums 1 Todd Woolums Asp News Management 2026-04-23 N/A
SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter.
CVE-2008-5727 1 Netcat 1 Netcat 2026-04-23 N/A
SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string.
CVE-2008-5921 1 Umerinc 1 Songs Portal 2026-04-23 N/A
SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3319 1 Dimofinf 1 Dawaween 2026-04-23 N/A
SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018.
CVE-2009-4569 1 Elkagroup 1 Image Gallery 2026-04-23 N/A
SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/.
CVE-2009-3212 1 Dimofinf 1 Infinity Script 2026-04-23 N/A
SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field.