Search Results (37036 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-2789 2 Joomla, Permis 2 Joomla, Com Groups 2026-04-23 N/A
SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2883 1 Arabless 1 Saphplesson 2026-04-23 N/A
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
CVE-2009-3059 1 Allpublication 1 Jboard 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.
CVE-2009-3081 1 Uiga 1 Church Portal 2026-04-23 N/A
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the month parameter in a calendar action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1852 1 Graphiks 1 Myforum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
CVE-2008-5493 1 Phpstore 2 Wholesale, Wholesales 2026-04-23 N/A
SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4804 2 Nukedgallery, Phpnuke 2 Gallery, Php-nuke 2026-04-23 N/A
SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
CVE-2008-5490 1 Phpstore 1 Yahoo Answers 2026-04-23 N/A
SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4305 1 Moodle 1 Moodle 2026-04-23 N/A
SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."
CVE-2008-0934 2 Nukec, Php-nuke 2 Nukec, Nukec Module 2026-04-23 N/A
SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action.
CVE-2009-4341 2 Mischa Heissmann, Typo3 2 No Indexed Search, Typo3 2026-04-23 N/A
SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2009-4342 2 Melvin Mach, Typo3 2 Jobexchange, Typo3 2026-04-23 N/A
SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2008-5561 1 Netref 1 Netref 2026-04-23 N/A
SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php.
CVE-2008-2382 2 Kvm Qumranet, Qemu 2 Kvm, Qemu 2026-04-23 N/A
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
CVE-2009-4386 1 Bookingcentre 1 Booking System For Hotels Group 2026-04-23 N/A
SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors.
CVE-2009-4598 2 Corephp, Joomla 2 Com Jphoto, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
CVE-2009-4619 2 Joomla, Lucygames 2 Joomla\!, Com Lucygames 2026-04-23 N/A
SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-2972 1 Kblance 1 Kblance 2026-04-23 N/A
SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a comment action.
CVE-2008-2925 1 Valarsoft 1 Webmatic 2026-04-23 N/A
SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-2921 1 Eztechhelp Company 1 Ezcms 2026-04-23 N/A
SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.