Export limit exceeded: 19355 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19355 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4617 | 1 Tourismscripts | 1 Tourism Script Accomodation Hotel Booking Portal Script | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, and (8) book.php. | ||||
| CVE-2009-4613 | 1 Netartmedia | 1 Real Estate Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4600 | 1 Netartmedia | 1 Media Real Estate Portal | 2026-04-23 | N/A |
| SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username field). NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4599 | 2 Joomla, Joomshark | 2 Joomla, Com Jsjobs | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php. | ||||
| CVE-2009-4598 | 2 Corephp, Joomla | 2 Com Jphoto, Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php. | ||||
| CVE-2009-4597 | 1 Phpwares | 1 Php Inventory | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass (password) parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-4595 | 1 Phpwares | 1 Php Inventory | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4591 | 1 Secureideas | 1 Base | 2026-04-23 | N/A |
| SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4583 | 1 Joomla | 2 Com Dhforum, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php. | ||||
| CVE-2009-4582 | 1 Xoops | 1 Xoops Dictionary | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-4577 | 1 Maxdev | 2 Mdforum, Mdpro | 2026-04-23 | N/A |
| SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. | ||||
| CVE-2009-4576 | 2 Cmstactics, Joomla | 2 Com Beeheard, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to index.php. | ||||
| CVE-2009-4571 | 1 Phpshop | 1 Phpshop | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681. | ||||
| CVE-2009-4566 | 1 Zenphoto | 1 Zenphoto | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4564 | 1 Zenphoto | 1 Zenphoto | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/. | ||||
| CVE-2009-4561 | 1 Worms-league | 1 Webleague | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | ||||
| CVE-2009-4560 | 1 Worms-league | 1 Webleague | 2026-04-23 | N/A |
| SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter. | ||||
| CVE-2009-4551 | 1 Intesync | 1 Miniweb | 2026-04-23 | N/A |
| SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php. | ||||
| CVE-2009-4550 | 2 Joomla, Kunena | 2 Joomla\!, Kunena Forum | 2026-04-23 | N/A |
| SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php. | ||||
| CVE-2009-4540 | 1 Bpowerhouse | 1 Mini Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||