Search Results (19350 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1736 1 Joomla 2 Com Gsticketsystem, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.
CVE-2009-1741 1 Dutchmonkey 1 Dm Filemanager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
CVE-2009-1746 1 Diangemilang 1 Dgnews 2026-04-23 N/A
SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2009-1747 1 26thavenue 1 Bspeak 2026-04-23 N/A
SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action.
CVE-2009-1764 1 Bokecc 1 Maxcms 2026-04-23 N/A
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action.
CVE-2009-1766 1 Teozkr 1 Lightopencms 2026-04-23 N/A
SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1778 1 Bigace 1 Bigace Cms 2026-04-23 N/A
SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-1787 1 Phpdirsubmit 1 Php Dir Submit 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters.
CVE-2009-2337 1 W3bcms 2 Gaestebuch Guestbook Module, W3bcms 2026-04-23 N/A
SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter.
CVE-2009-2339 1 Rentventory 1 Rentventory 2026-04-23 N/A
SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter.
CVE-2009-2340 1 Opial 1 Opial 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-2341 1 Shalwan 1 Opial 2026-04-23 N/A
SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
CVE-2009-2345 1 Clansphere 1 Clansphere 2026-04-23 N/A
Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components.
CVE-2009-2354 1 Nulllogic 1 Groupware 2026-04-23 N/A
SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-2365 1 Datachecknh 1 Gallerypal Fe 2026-04-23 N/A
SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2366 1 Datachecknh 2 Forumpal, Forumpal Fe 2026-04-23 N/A
SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information.
CVE-2009-2388 1 Shalwan 1 Opial 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2389 1 Usolved 1 Newsolved 2026-04-23 N/A
Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter.
CVE-2009-2390 2 F-cimag-in, Joomla 2 Com Bookflip, Joomla 2026-04-23 N/A
SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php.
CVE-2009-2392 1 Virtuenetz 1 Virtue Online Test Generator 2026-04-23 N/A
SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to execute arbitrary SQL commands via the tid parameter.