Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4618 | 1 Tourismscripts | 1 Bus Script | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetext_id parameter to (1) aboutus.php and (2) faq.php. | |||||
| CVE-2009-4617 | 1 Tourismscripts | 1 Tourism Script Accomodation Hotel Booking Portal Script | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, and (8) book.php. | |||||
| CVE-2009-4615 | 1 Myrephp | 1 Myre Holiday Rental Manager | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL commands via the link_id parameter in a show_review action. | |||||
| CVE-2009-4564 | 1 Zenphoto | 1 Zenphoto | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/. | |||||
| CVE-2009-4561 | 1 Worms-league | 1 Webleague | 2017-09-19 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-4560 | 1 Worms-league | 1 Webleague | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||||
| CVE-2009-4551 | 1 Intesync | 1 Miniweb | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php. | |||||
| CVE-2009-4550 | 2 Joomla, Kunena | 2 Joomla\!, Kunena Forum | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php. | |||||
| CVE-2009-4540 | 1 Bpowerhouse | 1 Mini Cms | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-4477 | 1 Xstate | 1 Real Estate | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2009-4475 | 2 Joomla, Joomlub | 2 Joomla\!, Com Joomlub | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php. | |||||
| CVE-2009-4474 | 2 Mambo-foundation, Mikedeboer | 2 Mambo, Com Zoom | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2009-4208 | 1 Open-school | 1 Open-school | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php. | |||||
| CVE-2009-4206 | 1 Cmsnx | 1 Million Dollar Text Links | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-4204 | 1 Ringsworld | 1 Flashlight Free Edition | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read.php in Flashlight Free Edition allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-4203 | 1 Arabportal | 1 Arab Portal | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/. | |||||
| CVE-2009-4200 | 2 Joomla, Vollmar | 2 Joomla\!, Com Seminar | 2017-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php. | |||||
| CVE-2009-4199 | 3 Joomla, Mambo-foundation, Mamboforge | 3 Joomla\!, Mambo, Com Mosres | 2017-09-19 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php. | |||||
| CVE-2009-4198 | 1 Cupidsystems | 1 Myminibill | 2017-09-19 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action. | |||||
| CVE-2009-3975 | 1 Moagallery | 1 Moa | 2017-09-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to execute arbitrary SQL commands via the gallery_id parameter in a gallery_view action. | |||||