Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0373 | 2 Elearningforce, Joomla | 2 Flash Magazine Deluxe, Joomla | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php. | |||||
| CVE-2009-0379 | 1 Joomla | 2 Com Pcchess, Joomla | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761. | |||||
| CVE-2009-0380 | 3 Joomla, Mambo-foundation, Sigsiu.net | 3 Joomla, Mambo, Sobi2 | 2017-09-28 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2. | |||||
| CVE-2009-0381 | 2 Bazaarbuilder, Joomla | 2 Ecommerce Shopping Cart, Joomla | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php. | |||||
| CVE-2009-0384 | 1 Adam Tomecek | 1 Ownrs | 2017-09-28 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0394 | 1 Ple Cms | 1 Ple Cms | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter. | |||||
| CVE-2009-0395 | 1 Netartmedia | 1 Car Portal | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login feature in NetArt Media Car Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-0400 | 1 Socialengine | 1 Socialengine | 2017-09-28 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2009-0405 | 1 Smartsitecms | 1 Smartsitecms | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter. | |||||
| CVE-2009-0406 | 1 Community Cms | 1 Community Cms | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0403 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-0407 | 1 Humayun Shabbir | 1 Php-cms Project | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-0420 | 2 Joomla, Rd-media | 2 Joomla, Rd-autos | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2009-0421 | 1 Joomla | 2 Com Eventing, Joomla | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2009-0425 | 1 Blue Eye Cms | 1 Blue Eye Cms | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the clanek parameter. | |||||
| CVE-2009-0445 | 1 Dreampics | 1 Gallery Builder | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action. | |||||
| CVE-2009-0446 | 1 Web-album | 1 Webalbum | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0447 | 1 Aspindir | 1 Mydesign Sayac | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0451 | 1 Skalinks | 1 Skalinks | 2017-09-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote attackers to execute arbitrary SQL commands via the Admin name field to the default URI under admin/. | |||||
| CVE-2009-0452 | 1 Onlinegrades | 1 Online Grades | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in parents/login.php in Online Grades 3.2.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameter. | |||||