Vulnerabilities (CVE)

Filtered by CWE-89
Total 15408 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-5121 1 Phpfox 1 Phpfox 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
CVE-2010-1049 1 Uiga 1 Business Portal 2025-04-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php.
CVE-2012-5328 2 Cartpauj, Wordpress 2 Mingle-forum, Wordpress 2025-04-11 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php.
CVE-2009-4925 1 Creasito 1 Creasito E-commerce Content Manager 2025-04-11 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php.
CVE-2012-5909 1 Mybb 1 Mybb 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.
CVE-2009-4628 2 Joomla, Templateplaza 2 Joomla!, Com Tpdugg 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.
CVE-2010-0724 1 Mhd Zaher Ghaibeh 1 Arab Cart 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-5288 1 Accomplishtechnology 1 Phpmydirectory 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-2135 1 Hazelpress 1 Hazelpress 2025-04-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in login.php in HazelPress Lite 0.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) password fields.
CVE-2011-4763 1 Parallels 1 Parallels Plesk Small Business Panel 2025-04-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files.
CVE-2010-2508 1 2daybiz 1 Video Community Portal Script 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVE-2009-4965 2 Thomas Waggershauser, Typo3 2 Air Lexicon, Typo3 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4797 1 Jobhut.spranger 1 Jobhut 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter.
CVE-2009-4973 1 Sweetphp 1 Totalcalendar 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.
CVE-2010-4979 1 Nicholas Berry 1 Candid 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
CVE-2010-4359 1 Jurpo 1 Jurpopage 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2011-5139 1 Preprojects 1 Business Cards Designer 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-5453 1 Atutor 1 Acontent 2025-04-11 6.5 MEDIUM N/A
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.
CVE-2010-1331 1 Heartlogic 1 Hl-sitemanager 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in Heartlogic HL-SiteManager allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2010-4006 2 Wsn, Wsnlinks 3 Links, Wsn Links, Wsn Links 2025-04-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.