Search Results (19834 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3497 1 Vastal 1 Agent Zone 2026-04-23 N/A
SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3498 1 Hbcms 1 Hbcms 2026-04-23 N/A
SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
CVE-2009-3499 1 Bpowerhouse 1 Bplawyercasedocuments 2026-04-23 N/A
SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2009-3500 1 Bpowerhouse 1 Bpgames 2026-04-23 N/A
Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to main.php and (2) game_id parameter to game.php.
CVE-2009-3502 1 Bpowerhouse 1 Bpmusic 2026-04-23 N/A
SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execute arbitrary SQL commands via the music_id parameter.
CVE-2009-3503 1 Bpowerhouse 1 Bpholidaylettings 2026-04-23 N/A
Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters.
CVE-2009-3504 1 Alibabaclone 1 Alibaba Clone 2026-04-23 N/A
SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3505 1 Vastal 1 Mmorpg Zone 2026-04-23 N/A
SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460.
CVE-2009-3510 1 Dataspheric 1 Linkspheric 2026-04-23 N/A
SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter.
CVE-2009-3514 1 Marcin Manek 1 D.net Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php.
CVE-2009-3528 1 Al4us 1 Mymsg 2026-04-23 N/A
SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action.
CVE-2009-3529 1 Radscripts 1 Radbids 2026-04-23 N/A
SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074.
CVE-2009-3531 1 Universe 1 Universe Cms 2026-04-23 N/A
SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3532 2 Logrover, Microsoft 2 Logrover, Windows 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-3533 1 John Beranek 1 Meeting Room Booking System 2026-04-23 N/A
SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3543 1 Phenotype-cms 1 Phenotype Cms 2026-04-23 N/A
SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name).
CVE-2009-3595 1 Vspanel 1 Vs Panel 2026-04-23 N/A
SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590.
CVE-2009-3582 1 Sql-ledger 1 Sql-ledger 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation.
CVE-2009-3590 1 Vspanel 1 Vs Panel 2026-04-23 N/A
SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter.
CVE-2009-3632 1 Typo3 1 Typo3 2026-04-23 N/A
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters.