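Explore CVEs related to SQL injection vulnerabilities, filtered by publication year. By default this list shows the most recent disclosures first and supports further filtering by CVSS and EPSS risk scores.
It covers the latest vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and their likelihood of exploitation.
Currently showing SQL Injection CVEs published in 2009.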
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2009-4499 | SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c. | 7.5 | 0.24% | 2009-12-31 | 2026-04-23 |
| CVE-2009-4477 | SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 7.5 | 0.34% | 2009-12-30 | 2026-04-23 |
| CVE-2009-4475 | SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php. | 7.5 | 0.34% | 2009-12-30 | 2026-04-23 |
| CVE-2009-4474 | SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 | 0.25% | 2009-12-30 | 2026-04-23 |
| CVE-2009-4470 | SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter. | 7.5 | 0.26% | 2009-12-30 | 2026-04-23 |
| CVE-2009-4456 | SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 0.11% | 2009-12-30 | 2026-04-23 |
| CVE-2009-4437 | Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1. | 7.5 | 0.36% | 2009-12-28 | 2026-04-23 |
| CVE-2009-4436 | Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706. | 7.5 | 0.35% | 2009-12-28 | 2026-04-23 |
| CVE-2009-4432 | SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action. | 7.5 | 0.15% | 2009-12-28 | 2026-04-23 |
| CVE-2009-4430 | SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action. | 7.5 | 0.14% | 2009-12-28 | 2026-04-23 |
| CVE-2009-4428 | SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php. | 7.5 | 0.20% | 2009-12-28 | 2026-04-23 |
| CVE-2009-4424 | SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 0.10% | 2009-12-28 | 2026-04-23 |
| CVE-2009-4423 | SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information. | 7.5 | 0.20% | 2009-12-24 | 2026-04-23 |
| CVE-2009-4414 | SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php. | 6.8 | 0.78% | 2009-12-24 | 2026-04-23 |
| CVE-2009-3582 | Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation. | 6.5 | 0.53% | 2009-12-23 | 2026-04-23 |
| CVE-2009-4401 | SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.37% | 2009-12-22 | 2026-04-23 |
| CVE-2009-4399 | SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.37% | 2009-12-22 | 2026-04-23 |
| CVE-2009-4396 | SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.37% | 2009-12-22 | 2026-04-23 |
| CVE-2009-4394 | SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.37% | 2009-12-22 | 2026-04-23 |
| CVE-2009-4393 | SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.37% | 2009-12-22 | 2026-04-23 |