Vulnerabilities (CVE)

Filtered by CWE-89
Total 15514 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-2903 1 Awbs 1 Advanced Webhost Billing System 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in news.php in Advanced Webhost Billing System (AWBS) 2.3.3 through 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the viewnews parameter.
CVE-2008-7120 1 Mrcgiguy 1 Hot Links Sql-php 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.
CVE-2008-0279 1 Xforum 1 Xforum 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected.
CVE-2008-6153 1 Jayeshp 1 Pixel8 Web Photo Album 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.
CVE-2008-5805 1 Deltascripts 1 Php Classifieds 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828.
CVE-2008-6880 1 Easysitenetwork 1 Jokes Complete Website 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes Website allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6332 1 Simplecustomer 1 Simple Customer 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2008-1077 1 Mamboportal.com 1 Simpleboard 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action.
CVE-2008-1551 1 Runcms 2 Photo Module, Runcms 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-2093 1 Ibm 1 Websphere Partner Gateway 2025-04-09 6.5 MEDIUM N/A
SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-2130 1 Igaming 1 Cms 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5268 1 Aspportal 1 Aspportal 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.
CVE-2008-2796 1 Freecms.us 1 Freecms 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2007-5511 1 Oracle 1 Database Server 2025-04-09 6.5 MEDIUM N/A
SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain.
CVE-2008-1935 1 Joomla 1 Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
CVE-2009-0458 1 Wholehogsoftware 1 Ware Support 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information.
CVE-2009-3661 2 Blueconstantmedia, Joomla 2 Com Djcatalog, Joomla 2025-04-09 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
CVE-2008-6634 1 Beaussier 1 Roomphplanning 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idroom parameter to weekview.php.
CVE-2009-0705 1 Powerscripts 1 Powernews 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2008-2823 1 Phpeasynews 1 Phpeasyblog 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.