Vulnerabilities (CVE)

Filtered by CWE-89
Total 15391 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0673 2 Copperleaf, Wordpress 2 Photolog, Wordpress 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter.
CVE-2010-0677 1 Katalog.hurricane 1 Katalog Stron Hurricane 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter.
CVE-2010-1721 2 Joomla, Thethinkery 2 Joomla\!, Com Iproperty 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php.
CVE-2011-5259 1 Orangehrm 1 Orangehrm 2025-04-11 6.8 MEDIUM N/A
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4969 1 Typo3 2 Sbanner, Typo3 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-5004 1 2daybiz 1 Polls Script 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2013-6875 1 Nagios 1 Nagios Xi 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
CVE-2010-1092 1 Scriptsfeed 1 Business Directory Software 2025-04-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters.
CVE-2012-0234 1 Advantech 1 Advantech Webaccess 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL.
CVE-2010-2687 1 Site2nite 1 Boat Classifieds 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in printdetail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the Id parameter.
CVE-2010-1725 1 Alibabaclone 1 Alibaba Clone Platinum 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinum allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4724 1 Paymentprocessorscript 1 Ppscript 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2010-1876 1 Ajsquare 1 Aj Shopping Cart 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.
CVE-2010-1009 2 Joachim-ruhs, Typo3 2 Educator, Typo3 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-5102 1 Atcom 1 Netvolution 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
CVE-2011-4671 2 Adrotateplugin, Wordpress 2 Adrotate, Wordpress 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).
CVE-2010-4496 1 Tibco 2 Activecatalog, Collaborative Information Manager 2025-04-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5697 2 Apache, Simone Tellini 2 Http Server, Mod Accounting 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
CVE-2012-1777 1 F5 1 Firepass 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.
CVE-2013-4461 1 Redhat 1 Enterprise Mrg 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."