Total
19556 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2290 | 2 Joomla, Kim Eckert | 2 Joomla\!, Com Bsadv | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php. | |||||
| CVE-2009-2276 | 2 Biglle, Punbb | 2 Vote For Us Extension, Punbb | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter. | |||||
| CVE-2009-2269 | 1 Phome Empire | 1 Phome Empire Cms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/. | |||||
| CVE-2009-2254 | 1 Zen-cart | 1 Zen Cart | 2026-06-16 | 7.5 HIGH | N/A |
| Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue. | |||||
| CVE-2009-2243 | 1 Aaronoutpost | 1 Asp Inline Corporate Calendar | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2242 | 1 Aaronoutpost | 1 Asp Inline Corporate Calendar | 2026-06-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2009-2239 | 1 Joomla | 4 Com Casiino Blackjack, Com Casino Videopoker, Com Casinobase and 1 more | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2009-2236 | 1 Yourarticlesdirectory | 1 Your Articles Directory | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2235 | 1 Yourarticlesdirectory | 1 Your Articles Directory | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2234 | 1 Vicidial | 1 Call Center Suite | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW). | |||||
| CVE-2009-2232 | 1 Softbizscripts | 1 Banner Ad Management Script | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2230 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter. | |||||
| CVE-2009-2209 | 1 Rs-cms | 1 Rs-cms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2009-2179 | 1 W2b | 1 Phpdatingclub | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter. | |||||
| CVE-2009-2167 | 1 Egyplus | 1 7ammel | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | |||||
| CVE-2009-2164 | 1 Kjtechforce | 1 Mailman | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php. | |||||
| CVE-2009-2157 | 1 Torrenttrader | 1 Torrenttrader Classic | 2026-06-16 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php; (4) the choice parameter to index.php; (5) the id parameter to modrules.php in an edited (aka edit) action; the (6) user, (7) torrent, (8) forumid, and (9) forumpost parameters to report.php; (10) the delmp parameter to take-deletepm.php; (11) the delreport parameter to takedelreport.php; (12) the delreq parameter to takedelreq.php; (13) the clases parameter to takestaffmess.php; and (14) the warndisable parameter to takewarndisable.php; and allow remote attackers to execute arbitrary SQL commands via (15) the wherecatin parameter to browse.php, (16) the limit parameter to today.php, and (17) the where parameter to torrents-details.php. | |||||
| CVE-2009-2154 | 1 Sappy.dk | 1 Impleo Music Collection | 2026-06-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-2152 | 1 Isabela Gasparini | 1 Adaptweb | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action. | |||||
| CVE-2009-2148 | 1 Campusvirtualcomputrade | 1 Campus Virtual-lms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
