Vulnerabilities (CVE)

Filtered by CWE-89
Total 15397 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-6516 1 Shawn Bradley 1 Php Ticket System 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php.
CVE-2010-1727 1 Aspsiteware 1 Jobpost 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-1493 2 Awdsolution, Joomla 2 Com Awdwall, Joomla\! 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.
CVE-2010-5047 1 V-eva 1 Press Release Script 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in page.php in V-EVA Press Release Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4803 2 Andreas Schwarzkopf, Typo3 2 Accessibility Glossary, Typo3 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-4753 1 Parallels 1 Parallels Plesk Small Business Panel 2025-04-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files.
CVE-2011-4292 1 Moodle 1 Moodle 2025-04-11 4.0 MEDIUM N/A
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.
CVE-2012-0973 1 Osclass 1 Osclass 2025-04-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information.
CVE-2012-0912 1 Stone-ware 1 Webnetwork 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-2923 1 Hypermethod 1 Elearning Server 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter.
CVE-2012-2007 1 Hp 1 Performance Insight 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1499 1 Musicboxv2 1 Musicbox 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in genre_artists.php in MusicBox 3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-2923 2 Joomla, Prasanna 2 Joomla\!, Com Youtube 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php.
CVE-2011-5230 1 Seotoaster 1 Seotoaster 2025-04-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member.
CVE-2010-4959 1 Preproject 1 Pre Podcast Portal 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2009-4742 1 Docebo 1 Docebo 2025-04-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to the certificate module, reachable through index.php.
CVE-2009-4950 2 Tim Lochmueller \& Thomas Buss, Typo3 2 A21glossary Advanced Output, Typo3 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4745 2 Kurt Gusbeth, Typo3 2 Myquizpoll, Typo3 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4967 2 Jochen Rieger, Typo3 2 Car, Typo3 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1669 1 Mahara 1 Mahara 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.