Export limit exceeded: 19856 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19856 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2926 1 Phpcompet.free 1 Php Competition System 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php.
CVE-2009-2927 1 Digitalspinners 1 Ds Cms 2026-04-23 N/A
SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter.
CVE-2009-2929 1 Tgs-cms 1 Tgs Content Management 2026-04-23 N/A
Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions.
CVE-2009-2933 1 Piwigo 1 Piwigo 2026-04-23 N/A
SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter.
CVE-2009-3494 1 Todor Lazarov 1 T-htb Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors.
CVE-2009-3495 1 Vastal 1 Dvd Zone 2026-04-23 N/A
SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465.
CVE-2009-3497 1 Vastal 1 Agent Zone 2026-04-23 N/A
SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3498 1 Hbcms 1 Hbcms 2026-04-23 N/A
SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
CVE-2009-3499 1 Bpowerhouse 1 Bplawyercasedocuments 2026-04-23 N/A
SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2009-3500 1 Bpowerhouse 1 Bpgames 2026-04-23 N/A
Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to main.php and (2) game_id parameter to game.php.
CVE-2009-3502 1 Bpowerhouse 1 Bpmusic 2026-04-23 N/A
SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execute arbitrary SQL commands via the music_id parameter.
CVE-2009-3503 1 Bpowerhouse 1 Bpholidaylettings 2026-04-23 N/A
Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters.
CVE-2009-3504 1 Alibabaclone 1 Alibaba Clone 2026-04-23 N/A
SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3505 1 Vastal 1 Mmorpg Zone 2026-04-23 N/A
SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460.
CVE-2009-3510 1 Dataspheric 1 Linkspheric 2026-04-23 N/A
SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter.
CVE-2009-3514 1 Marcin Manek 1 D.net Cms 2026-04-23 N/A
Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php.
CVE-2009-3528 1 Al4us 1 Mymsg 2026-04-23 N/A
SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action.
CVE-2009-3529 1 Radscripts 1 Radbids 2026-04-23 N/A
SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074.
CVE-2009-3531 1 Universe 1 Universe Cms 2026-04-23 N/A
SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3532 2 Logrover, Microsoft 2 Logrover, Windows 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information.