Search Results (19860 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3758 1 Citrix 1 Xencenterweb 2026-04-23 N/A
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3754 1 Kreotek 1 Phpbms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php.
CVE-2009-3752 1 Opial 1 Opial 2026-04-23 N/A
SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.
CVE-2009-3750 1 Santostefano Giovanni 1 Toylog 2026-04-23 N/A
SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter.
CVE-2009-3718 1 Davethewebguy 1 Battle Blog 2026-04-23 N/A
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter.
CVE-2009-3715 1 Maniacomputer 1 Mcshoutbox 2026-04-23 N/A
Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-3713 1 Morcego 1 Morcegocms 2026-04-23 N/A
SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string.
CVE-2009-3712 1 Ebayclonescript 1 Ebay Clone 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php; and the item_id parameter to (2) view_full_size.php, (3) classifide_ad.php, and (4) crosspromoteitems.php.
CVE-2009-3703 2 Fahlstad, Wordpress 2 Wp-forum, Wordpress 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php.
CVE-2009-3697 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.
CVE-2009-3150 1 Multi-website 1 Multi Website 2026-04-23 N/A
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.
CVE-2009-3148 1 Portalxp 1 Portalxp 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php.
CVE-2009-3125 1 Mozilla 1 Bugzilla 2026-04-23 N/A
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2009-3119 2 Php-fusion, X-iweb.ru 2 Php-fusion, Download System Msf 2026-04-23 N/A
SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter.
CVE-2009-3118 1 Danneo 1 Cms 2026-04-23 N/A
SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php, related to incorrect input sanitization in base/danneo.function.php.
CVE-2009-3117 1 Snowhall 1 Silurus System 2026-04-23 N/A
SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-3116 1 Uiga 1 Church Portal 2026-04-23 N/A
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action.
CVE-2009-3082 1 Snowhall 1 Silurus System 2026-04-23 N/A
SQL injection vulnerability in wcategory.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3081 1 Uiga 1 Church Portal 2026-04-23 N/A
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the month parameter in a calendar action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3063 2 Indianpulses, Joomla 2 Com Gameserver, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php.