Search Results (19826 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2585 1 Mlffat 1 Mlffat 2026-04-23 N/A
SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731.
CVE-2009-2590 1 Resalecode 1 Hutscripts Php Website Script 2026-04-23 N/A
SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-2591 2 E-xoopport, Runcms 2 E-xoopport, Myannonces 2026-04-23 N/A
SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewannonces action to index.php.
CVE-2009-2592 1 Phpjunkyard 1 Gbook 2026-04-23 N/A
SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 allows remote attackers to execute arbitrary SQL commands via the mes_id parameter.
CVE-2009-2593 1 Censura 1 Censura 2026-04-23 N/A
SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action.
CVE-2009-2598 1 Onlinegrades 1 Online Grades 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
CVE-2009-2599 1 Radscripts 1 Radclassifieds 2026-04-23 N/A
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action.
CVE-2009-2601 2 Joomla, Joomlaequipment 2 Joomla\!, Juser 2026-04-23 N/A
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.
CVE-2009-2603 1 E-supportportal 1 Escon Supportportal Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) tid parameters.
CVE-2009-2604 1 Zenhelpdesk 1 Zen Help Desk 2026-04-23 N/A
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.
CVE-2009-2605 1 Traidnt 1 Traidnt Up 2026-04-23 N/A
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
CVE-2009-2607 2 Joomla, Pinme 2 Joomla, Com Pinboard 2026-04-23 N/A
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.
CVE-2009-2608 1 Chatelao 1 Php Address Book 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
CVE-2009-2609 2 Amotools, Joomla 2 Com Amocourse, Joomla 2026-04-23 N/A
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
CVE-2009-2881 1 Artis.imag 1 Basilic 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/.
CVE-2009-2883 1 Arabless 1 Saphplesson 2026-04-23 N/A
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
CVE-2009-2885 1 Phpscriptsnow 1 World\'s Tallest Buildings 2026-04-23 N/A
SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter.
CVE-2009-2886 1 Phpscriptsnow 1 President Bios 2026-04-23 N/A
SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter.
CVE-2009-2888 1 Phpscriptsnow 1 Hangman 2026-04-23 N/A
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.
CVE-2009-2891 1 Phpscriptsnow 1 Riddles 2026-04-23 N/A
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.