Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3971 | 2 Joomla, Jtips | 2 Joomla\!, Com Jtips | 2017-09-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php. | |||||
CVE-2009-2337 | 1 W3bcms | 2 Gaestebuch Guestbook Module, W3bcms | 2017-09-19 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter. | |||||
CVE-2009-4475 | 2 Joomla, Joomlub | 2 Joomla\!, Com Joomlub | 2017-09-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php. | |||||
CVE-2009-3343 | 1 Hotwebscripts | 1 Hotweb Rentals | 2017-09-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter. | |||||
CVE-2009-3758 | 1 Citrix | 1 Xencenterweb | 2017-09-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-3715 | 1 Maniacomputer | 1 Mcshoutbox | 2017-09-19 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
CVE-2009-3313 | 1 Fmyclone | 1 Fmyclone | 2017-09-19 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php. | |||||
CVE-2009-3217 | 1 Wiccle | 1 Iwiccle | 2017-09-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php. | |||||
CVE-2009-2609 | 2 Amotools, Joomla | 2 Com Amocourse, Joomla | 2017-09-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. | |||||
CVE-2009-2599 | 1 Radscripts | 1 Radclassifieds | 2017-09-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action. | |||||
CVE-2009-3595 | 1 Vspanel | 1 Vs Panel | 2017-09-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590. | |||||
CVE-2009-2395 | 2 Joomla, Joomlaworks | 2 Joomla\!, Com K2 | 2017-09-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php. | |||||
CVE-2009-3752 | 1 Opial | 1 Opial | 2017-09-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter. | |||||
CVE-2009-2307 | 1 Maxdev | 2 Cwguestbook, Md-pro | 2017-09-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php. | |||||
CVE-2009-3718 | 1 Davethewebguy | 1 Battle Blog | 2017-09-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter. | |||||
CVE-2009-2774 | 1 Php-paid4mail | 1 Php-paid4mail | 2017-09-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
CVE-2009-4198 | 1 Cupidsystems | 1 Myminibill | 2017-09-19 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action. | |||||
CVE-2009-3175 | 1 Boldfx | 1 Model Agency Manager Pro | 2017-09-19 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php. | |||||
CVE-2017-1002022 | 1 Surveys Project | 1 Surveys | 2017-09-18 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin surveys v1.01.8: the code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. | |||||
CVE-2017-1002021 | 1 Surveys Project | 1 Surveys | 2017-09-18 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in WordPress plugin surveys v1.01.8: the code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. |