Vulnerabilities (CVE)

Filtered by CWE-89
Total 15507 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-6272 1 Joomla 1 Joomla 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.
CVE-2007-6551 1 Mailmachinepro 1 Mailmachine Pro 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0326 1 Dark Age Cms 1 Dark Age Cms 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-7116 1 Kubix 1 Kubix 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php.
CVE-2007-2803 1 Vizayn Urun 1 Tanitim Sitesi 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action.
CVE-2007-6217 1 Irola 1 My-time 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
CVE-2008-4701 1 Liberiacms 1 Liberia Cms 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in admin.php in Libera CMS 1.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_user cookie parameter, a different vector than CVE-2008-4700. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6573 1 Avaya 1 Communication Manager 2025-04-09 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.
CVE-2008-5739 1 Pligg 1 Pligg Cms 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.
CVE-2009-1509 1 Myiosoft 1 Ajaxportal 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2008-0835 1 Simple Cms 1 Simple Cms 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter.
CVE-2008-6425 1 Comicshout 1 Comicshout 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in news.php in ComicShout 2.8 allows remote attackers to execute arbitrary SQL commands via the news_id parameter, a different vector than CVE-2008-2456.
CVE-2009-3334 2 Joomla, Lhacky 2 Joomla\!, Com Jinc 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.
CVE-2008-6852 2 Joomla, Markus Donhauser 2 Joomla\!, Ice Gallery Component For Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2008-4373 1 Availscript 1 Availscript Jobs Portal Script 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remote attackers to execute arbitrary SQL commands via the jid parameter.
CVE-2009-2782 2 Jfusion, Joomla 2 Com Jfusion, Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2008-5923 1 Asp-dev 1 Xm Events Diary 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter.
CVE-2007-4953 1 Simpcms 1 Simpcms 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in SimpCMS allows remote attackers to execute arbitrary SQL commands via the keyword parameter in a search site action.
CVE-2008-3125 1 Mole Group 1 Lastminute Script 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in Mole Group Lastminute Script 4.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-0516 1 Businessspace 1 Businessspace 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.