Export limit exceeded: 365348 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19817 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4037 1 Frontaccounting 1 Frontaccounting 2026-04-23 N/A
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/.
CVE-2009-1945 1 Tzo 1 Webcal 2026-04-23 N/A
SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
CVE-2009-1480 1 Pragyan Cms Project 1 Pragyan Cms 2026-04-23 N/A
SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors.
CVE-2009-1468 1 Icewarp 2 Email Server, Webmail Server 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.
CVE-2009-1842 1 Phpnuke 1 Php-nuke 2026-04-23 N/A
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
CVE-2009-1799 1 Sebastian-thiele 1 St-gallery 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php.
CVE-2009-1258 2 Joomla, Rd-media 2 Joomla, Com Rdautos 2026-04-23 N/A
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1245 1 Cccp-common-clan-portal-pasterbin 1 Cccp Pastebin 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname parameters to php/cccp-pages/submit.php. NOTE: some of these details are obtained from third party information.
CVE-2009-1766 1 Teozkr 1 Lightopencms 2026-04-23 N/A
SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0350 1 Sme 1 Filemailer 2026-04-23 N/A
Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346.
CVE-2009-1764 1 Bokecc 1 Maxcms 2026-04-23 N/A
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action.
CVE-2009-1208 2 Auth2db, Auth2dbauth2db 2 Auth2db, 0.1.1 2026-04-23 N/A
SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
CVE-2009-3973 1 Turnkeyarcade 1 Turnkey Arcade Script 2026-04-23 N/A
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629.
CVE-2009-3972 2 Joomla, Qproje 2 Joomla\!, Com Siirler 2026-04-23 N/A
SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php.
CVE-2009-3971 2 Joomla, Jtips 2 Joomla\!, Com Jtips 2026-04-23 N/A
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.
CVE-2009-1746 1 Diangemilang 1 Dgnews 2026-04-23 N/A
SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2009-1734 1 Omnisoftsol 1 Vidsharepro 2026-04-23 N/A
SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-3964 2 Joomla, Ninjaforge 2 Joomla\!, Com Ninjamonials 2026-04-23 N/A
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
CVE-2008-2554 1 Bp Blog 1 Bp Blog 2026-04-23 N/A
Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp.
CVE-2009-3644 2 Joomla, Soundset 2 Joomla\!, Com Soundset 2026-04-23 N/A
SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php.