Search Results (19852 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2310 1 Bow Der Kleine 1 X-blc 2026-04-23 N/A
SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
CVE-2009-2311 2 Selbstzweck, Woltlab 2 Rgallery Plugin, Burning Board 2026-04-23 N/A
SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.
CVE-2009-3417 2 Idojoomla, Joomla 2 Com Idoblog, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.
CVE-2009-3418 1 Plume-cms 1 Plume Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php. NOTE: some of these details are obtained from third party information.
CVE-2009-3419 1 Intesync 1 Miniweb 2026-04-23 N/A
SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter.
CVE-2009-3430 1 Allomani 1 Mobile 2026-04-23 N/A
SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
CVE-2009-3434 3 Joomla, Mambo, Onestopjoomla 3 Joomla, Mambo, Com Tupinambis 2026-04-23 N/A
SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.
CVE-2009-3436 1 Maxwebportal 1 Maxwebportal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID or (2) CAT_ID parameter. NOTE: this might overlap CVE-2005-1417.
CVE-2009-3438 2 Joomla, Witchakorn Kamolpornwijit 2 Joomla, Com Facebook 2026-04-23 N/A
SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php.
CVE-2009-3439 1 Alienvault 1 Ossim 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu.
CVE-2009-3443 2 Fastballproductions, Joomla 2 Com Fastball, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php.
CVE-2009-3446 2 Joomla, Rick Estrada 2 Joomla, Com Mytube 2026-04-23 N/A
SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php.
CVE-2009-3480 2 Isygen, Joomla 2 Icrm Basic, Joomla 2026-04-23 N/A
SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3491 2 Joomla, Kinfusion 2 Joomla\!, Com Sportfusion 2026-04-23 N/A
SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php.
CVE-2009-3501 1 Bpowerhouse 1 Bpstudents 2026-04-23 N/A
SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action.
CVE-2009-3494 1 Todor Lazarov 1 T-htb Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors.
CVE-2009-3495 1 Vastal 1 Dvd Zone 2026-04-23 N/A
SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465.
CVE-2009-3497 1 Vastal 1 Agent Zone 2026-04-23 N/A
SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3498 1 Hbcms 1 Hbcms 2026-04-23 N/A
SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
CVE-2009-3499 1 Bpowerhouse 1 Bplawyercasedocuments 2026-04-23 N/A
SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.