Search Results (19845 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3313 1 Fmyclone 1 Fmyclone 2026-04-23 N/A
Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php.
CVE-2009-3314 1 Eliteladders 1 Elite Gaming Ladders 2026-04-23 N/A
SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter.
CVE-2009-3315 1 Nelogic 1 Nephp Publisher 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field.
CVE-2009-3316 2 Jforjoomla, Joomla 2 Com Jreservation, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
CVE-2009-3319 1 Dimofinf 1 Dawaween 2026-04-23 N/A
SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018.
CVE-2009-3321 1 Saphplesson 1 Saphplesson 2026-04-23 N/A
SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header.
CVE-2009-3325 2 Focusdev, Joomla 2 Com Surveymanager, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.
CVE-2009-3326 1 Cmscontrol 1 Cmscontrol 2026-04-23 N/A
SQL injection vulnerability in index.php in CMScontrol Content Management System 7.x allows remote attackers to execute arbitrary SQL commands via the id_menu parameter.
CVE-2009-3327 1 Webilix 1 Wx-guestbook 2026-04-23 N/A
Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information.
CVE-2009-3330 1 Cpecreator 1 Cp Creator 2026-04-23 N/A
SQL injection vulnerability in index.php in cP Creator 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tickets parameter in a support ticket action.
CVE-2009-3332 2 Joomla, Sopinet 2 Joomla, Com Jbudgetsmagic 2026-04-23 N/A
SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.
CVE-2009-3334 2 Joomla, Lhacky 2 Joomla\!, Com Jinc 2026-04-23 N/A
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.
CVE-2009-3335 2 Joomla, Turtus 2 Joomla\!, Turtushout 2026-04-23 N/A
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.
CVE-2009-3336 1 Phpprobid 1 Php Pro Bid 2026-04-23 N/A
SQL injection vulnerability in auction_details.php in PHP Pro Bid allows remote attackers to execute arbitrary SQL commands via the auction_id parameter.
CVE-2009-3337 1 S9y 1 Serendipity Event Freetag 2026-04-23 N/A
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.
CVE-2009-3342 2 Alphaplug, Joomla 2 Com Alphauserpoints, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter.
CVE-2009-3343 1 Hotwebscripts 1 Hotweb Rentals 2026-04-23 N/A
SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.
CVE-2009-3349 1 Datavore 1 Gyro 2026-04-23 N/A
SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component.
CVE-2009-3356 1 Plohni 1 Image Voting 2026-04-23 N/A
SQL injection vulnerability in index.php in Image voting 1.0 allows remote attackers to execute arbitrary SQL commands via the show parameter.
CVE-2009-3357 2 Joomla, Joomlahbs 2 Joomla, Com Hbssearch 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.