SQL Injection に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。
直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。
2009 年に公開され、SQL Injection に分類される CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2009-4499 | SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c. | 7.5 | 0.24% | 2009-12-31 | 2026-04-23 |
| CVE-2009-4477 | SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 7.5 | 0.34% | 2009-12-30 | 2026-04-23 |
| CVE-2009-4475 | SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php. | 7.5 | 0.34% | 2009-12-30 | 2026-04-23 |
| CVE-2009-4474 | SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 | 0.25% | 2009-12-30 | 2026-04-23 |
| CVE-2009-4470 | SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter. | 7.5 | 0.26% | 2009-12-30 | 2026-04-23 |
| CVE-2009-4456 | SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 0.11% | 2009-12-30 | 2026-04-23 |
| CVE-2009-4437 | Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1. | 7.5 | 0.36% | 2009-12-28 | 2026-04-23 |
| CVE-2009-4436 | Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706. | 7.5 | 0.35% | 2009-12-28 | 2026-04-23 |
| CVE-2009-4432 | SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action. | 7.5 | 0.15% | 2009-12-28 | 2026-04-23 |
| CVE-2009-4430 | SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action. | 7.5 | 0.14% | 2009-12-28 | 2026-04-23 |
| CVE-2009-4428 | SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php. | 7.5 | 0.20% | 2009-12-28 | 2026-04-23 |
| CVE-2009-4424 | SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 0.10% | 2009-12-28 | 2026-04-23 |
| CVE-2009-4423 | SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information. | 7.5 | 0.20% | 2009-12-24 | 2026-04-23 |
| CVE-2009-4414 | SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php. | 6.8 | 0.78% | 2009-12-24 | 2026-04-23 |
| CVE-2009-3582 | Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation. | 6.5 | 0.53% | 2009-12-23 | 2026-04-23 |
| CVE-2009-4401 | SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.37% | 2009-12-22 | 2026-04-23 |
| CVE-2009-4399 | SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.37% | 2009-12-22 | 2026-04-23 |
| CVE-2009-4396 | SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.37% | 2009-12-22 | 2026-04-23 |
| CVE-2009-4394 | SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.37% | 2009-12-22 | 2026-04-23 |
| CVE-2009-4393 | SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.37% | 2009-12-22 | 2026-04-23 |