Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2235 | 1 Yourarticlesdirectory | 1 Your Articles Directory | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2236 | 1 Yourarticlesdirectory | 1 Your Articles Directory | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2242 | 1 Aaronoutpost | 1 Asp Inline Corporate Calendar | 2017-09-18 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2009-2254 | 1 Zen-cart | 1 Zen Cart | 2017-09-18 | 7.5 HIGH | N/A |
| Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue. | |||||
| CVE-2009-2385 | 2 Fustrate, Simple Machines | 2 Member Awards, Smf | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2276 | 2 Biglle, Punbb | 2 Vote For Us Extension, Punbb | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter. | |||||
| CVE-2009-2402 | 1 Phpecho Cms | 1 Phpecho Cms | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355. | |||||
| CVE-2009-2307 | 1 Maxdev | 2 Cwguestbook, Md-pro | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php. | |||||
| CVE-2009-2308 | 2 Punbb, Punres | 2 Punbb, Affiliates Mod | 2017-09-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter. | |||||
| CVE-2009-2309 | 1 Codice-cms | 1 Codice Cms | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter. | |||||
| CVE-2009-2310 | 1 Bow Der Kleine | 1 X-blc | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. | |||||
| CVE-2009-2311 | 2 Selbstzweck, Woltlab | 2 Rgallery Plugin, Burning Board | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627. | |||||
| CVE-2009-2326 | 1 Max Kervin | 1 Kervinet Forum | 2017-09-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leveraged for a cross-site scripting (XSS) attack. | |||||
| CVE-2009-2337 | 1 W3bcms | 2 Gaestebuch Guestbook Module, W3bcms | 2017-09-18 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter. | |||||
| CVE-2009-2339 | 1 Rentventory | 1 Rentventory | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter. | |||||
| CVE-2009-2340 | 1 Opial | 1 Opial | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2341 | 1 Shalwan | 1 Opial | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter. | |||||
| CVE-2009-2366 | 1 Datachecknh | 2 Forumpal, Forumpal Fe | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4561 | 1 Worms-league | 1 Webleague | 2017-09-18 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-2383 | 2 Blogtrafficexchange, Wordpress | 2 Related-sites, Wordpress | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter. | |||||