13187 matches found
CVE-2009-4583
The CVE-2009-4583 issue affects Joomla! via the DhForum (com_dhforum) component. The vulnerability is an SQL injection in the grouplist action of index.php, exploitable through the id parameter, enabling remote attackers to execute arbitrary SQL commands. The published CVSS2 base score is 7.5 (HI...
CVE-2009-4576
SQL injection vulnerability in the BeeHeard combeeheard component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a suggestions action to index.php...
Sql injection
SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/...
Sql injection
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the 1 moduleid parameter in an admin/functionlist action, the 2 vendorid parameter in a vendor/vendorform action, the 3 moduleid parameter in an admin/moduleform actio...
CVE-2009-4569
SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/...
CVE-2009-4571
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the 1 moduleid parameter in an admin/functionlist action, the 2 vendorid parameter in a vendor/vendorform action, the 3 moduleid parameter in an admin/moduleform actio...
CVE-2009-4561
Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters...
Sql injection
SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/...
CVE-2009-4560
SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter...
CVE-2009-4564
SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/...
Sql injection
SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Sql injection
SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter...
Sql injection
Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters...
CVE-2009-4560
SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter...
CVE-2009-4564
SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/...
CVE-2009-4551
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaignid parameter in a results action to index.php...
Sql injection
SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Sql injection
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaignid parameter in a results action to index.php...
CVE-2009-4551
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaignid parameter in a results action to index.php...
UCStats 1.1 - SQL Injection
UCStats 1.1 Remote SQL Injection Vulnerability Author: Sora Contact: vhr95zw at hotmail dot com Website: http://greyhathackers.wordpress.com/ Google Dork: "Powered by UCStats version 1.1" Vulnerability Description: UCStats version 1.1 suffers a remote SQL injection vulnerability in stats.php...