Vulnerabilities (CVE)

Filtered by CWE-89
Total 15510 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2007-4953 | 1 Simpcms | 1 Simpcms | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in index.php in SimpCMS allows remote attackers to execute arbitrary SQL commands via the keyword parameter in a search site action.
CVE-2008-3125 | 1 Mole Group | 1 Lastminute Script | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in index.php in Mole Group Lastminute Script 4.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-0516 | 1 Businessspace | 1 Businessspace | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2008-3491 | 1 Scripts24 | 2 Ipost, Itgp | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.
CVE-2008-4627 | 2 Rgallery, Woltlab | 2 Rgallery Plugin, Woltlab Burning Board | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.
CVE-2008-3861 | 1 Phpmyrealty | 1 Phpmyrealty | 2025-04-09 | 7.5 HIGH | N/A
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php.
CVE-2008-3711 | 1 Phparcadescript | 1 Phparcadescript | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action.
CVE-2008-4379 | 1 Mr. Cgi Guy | 1 Hot Links Sql Php | 2025-04-09 | 4.3 MEDIUM | N/A
Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-0695 | 1 Bookmarkx | 1 Script | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action.
CVE-2009-0332 | 1 Avbooklibrary | 1 Avbooklibrary | 2025-04-09 | 7.5 HIGH | N/A
Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components.
CVE-2008-3200 | 1 Easy-script | 1 Avlc Forum | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080715 allows remote attackers to execute arbitrary SQL commands via the id parameter in an affich_message action.
CVE-2008-3590 | 1 Egi Zaberl | 1 E.z. Poll | 2025-04-09 | 7.5 HIGH | N/A
Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0325 | 1 Fascript | 1 Fapersian Petition | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0288 | 1 Imagealbum | 1 Imagealbum | 2025-04-09 | 7.5 HIGH | N/A
Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action.
CVE-2008-0353 | 1 Php-residence | 1 Php-residence | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-1023 | 1 Phpcomasy | 1 Phpcomasy | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
CVE-2008-6525 | 1 Nicephpscripts | 1 Nice Php Faq Script | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script (Knowledge base Script) allows remote attackers to execute arbitrary SQL commands via the Password parameter (aka the pass field).
CVE-2007-4837 | 1 Proxy Anket | 1 Proxy Anket | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1591 | 1 Postnuke | 1 Postnuke | 2025-04-09 | 7.5 HIGH | N/A
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable).
CVE-2009-4577 | 1 Maxdev | 2 Mdforum, Mdpro | 2025-04-09 | 7.5 HIGH | N/A
SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php.