Total
19538 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0646 | 1 4site | 1 4site Cms | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml. | |||||
| CVE-2009-0604 | 1 Php Director | 1 Php Director | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter. | |||||
| CVE-2009-0598 | 1 Phpmesfilms | 1 Phpmesfilms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0597 | 1 W3b Cms | 1 Aka W3blabor Cms | 2026-06-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action. | |||||
| CVE-2009-0593 | 1 Plxwebdev | 1 Plx Auto Reminder | 2026-06-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action. | |||||
| CVE-2009-0574 | 1 Cafeengine | 1 Easycafeengine | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604. | |||||
| CVE-2009-0543 | 1 Proftpd | 1 Proftpd | 2026-06-16 | 6.8 MEDIUM | N/A |
| ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. | |||||
| CVE-2009-0542 | 1 Proftpd Project | 1 Proftpd | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql. | |||||
| CVE-2009-0534 | 1 Flexcms | 1 Flexcms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter. | |||||
| CVE-2009-0531 | 1 Ontarioabandonedplaces | 1 A Better Member-based Asp Photo Gallery | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter. | |||||
| CVE-2009-0528 | 1 Rhadrix | 1 If-cms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0516 | 1 Businessspace | 1 Businessspace | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2009-0494 | 2 Joomla, Mivaco | 2 Joomla, Com Portfol | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php. | |||||
| CVE-2009-0493 | 1 Martin Unzner | 1 It\!cms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username. | |||||
| CVE-2009-0479 | 1 Onlinegrades | 1 Online Grades | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0462 | 1 Clicktech | 1 Clickcart | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.asp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0459 | 1 Wholehogsoftware | 1 Password Protect | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0458 | 1 Wholehogsoftware | 1 Ware Support | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0454 | 1 Dmxready | 1 Online Notebook Manager | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DMXReady Online Notebook Manager 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. NOTE: some third parties report inability to verify this issue. | |||||
| CVE-2009-0452 | 1 Onlinegrades | 1 Online Grades | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in parents/login.php in Online Grades 3.2.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameter. | |||||
