Total
19618 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4959 | 2 Stefan Koch, Typo3 | 2 T3m, Typo3 | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4958 | 1 Emophp | 1 Emo Breeder Manager | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter. | |||||
| CVE-2009-4955 | 2 Thomas Hempel, Typo3 | 2 Th Ultracards, Typo3 | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4954 | 2 Typo3, Websedit | 2 Typo3, Sk Calendar | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4950 | 2 Tim Lochmueller \& Thomas Buss, Typo3 | 2 A21glossary Advanced Output, Typo3 | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4949 | 2 Joachim Ruhs, Typo3 | 2 Locator, Typo3 | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4947 | 1 Q2solutions | 1 Connx | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter. | |||||
| CVE-2009-4940 | 1 Zeuscart | 1 Zeuscart | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. | |||||
| CVE-2009-4938 | 2 Joomla, Warphd | 2 Joomla\!, Com Jvideo | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. | |||||
| CVE-2009-4936 | 1 Spirate | 1 Small Pirate | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php. | |||||
| CVE-2009-4935 | 1 Esoftpro | 1 Online Guestbook Pro | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter. | |||||
| CVE-2009-4933 | 1 Winterwebs | 1 Ezwebitor | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4925 | 1 Creasito | 1 Creasito E-commerce Content Manager | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php. | |||||
| CVE-2009-4899 | 1 Pixelpost | 1 Pixelpost | 2026-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| pixelpost 1.7.1 has SQL injection | |||||
| CVE-2009-4892 | 1 Webjump | 1 Webjump\! | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Content Management System WEBjump! allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) portfolio_genre.php and (2) news_id.php. | |||||
| CVE-2009-4891 | 1 Cs-cart | 1 Cs-cart | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action. | |||||
| CVE-2009-4889 | 2 Basti2web, Php-fusion | 2 Book Panel, Php-fusion | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter. | |||||
| CVE-2009-4884 | 1 Bernhard Frohlich | 1 Phpcom | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php. | |||||
| CVE-2009-4883 | 1 Todd Rogers | 1 Phprecipebook | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action. | |||||
| CVE-2009-4872 | 1 Logoshows | 1 Logoshows Bbs | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | |||||
