Export limit exceeded: 19542 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19542 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4624 | 1 Nicecoder | 1 Idesk | 2026-04-23 | N/A |
| SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843. | ||||
| CVE-2009-4621 | 2 Discuz, Patching | 2 Discuz\!, Jianghu Inn | 2026-04-23 | N/A |
| SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to forummission.php. | ||||
| CVE-2009-4617 | 1 Tourismscripts | 1 Tourism Script Accomodation Hotel Booking Portal Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, and (8) book.php. | ||||
| CVE-2009-4600 | 1 Netartmedia | 1 Media Real Estate Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4583 | 1 Joomla | 2 Com Dhforum, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php. | ||||
| CVE-2009-4569 | 1 Elkagroup | 1 Image Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/. | ||||
| CVE-2008-2844 | 1 Carscripts | 1 Carscripts Classifieds | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Carscripts Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2008-5365 | 1 Activewebsoftwares | 1 Activevotes | 2026-04-23 | N/A |
| SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter. | ||||
| CVE-2009-4564 | 1 Zenphoto | 1 Zenphoto | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/. | ||||
| CVE-2009-0810 | 1 Xatrix | 1 Xguestbook | 2026-04-23 | N/A |
| SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter. | ||||
| CVE-2009-4221 | 1 Smartisoft | 1 Phpbazar | 2026-04-23 | N/A |
| SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767. | ||||
| CVE-2009-0832 | 2 Ausimods, Php-fusion | 2 E-cart, Php-fusion | 2026-04-23 | N/A |
| SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter. | ||||
| CVE-2009-4203 | 1 Arabportal | 1 Arab Portal | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/. | ||||
| CVE-2009-1038 | 1 Yap | 1 Yap Blog | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php. | ||||
| CVE-2008-1840 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload. | ||||
| CVE-2008-2477 | 1 Mx-system | 1 Mxbb Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||
| CVE-2007-2898 | 1 2z Project | 1 2z Project | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php. | ||||
| CVE-2006-6747 | 1 Dreaxteam | 1 Xt-news | 2026-04-23 | N/A |
| SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter. | ||||
| CVE-2009-1468 | 1 Icewarp | 2 Email Server, Webmail Server | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query. | ||||
| CVE-2009-4165 | 2 Simple Glossar, Typo3 | 2 Simple Glossar, Typo3 | 2026-04-23 | N/A |
| SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||