Vulnerabilities (CVE)

Filtered by CWE-89
Total 15514 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1726 1 Myknowledgequest 1 Knowledgequest 2025-04-09 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.
CVE-2008-2793 1 Clip-share 1 Clipshare 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
CVE-2007-6671 1 Instantsoftwares 1 Dating Site 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information.
CVE-2008-0942 1 Aeries 1 Aeries Student Information System 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter.
CVE-2009-2102 2 Com Jumi, Joomla 2 Com Jumi, Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php.
CVE-2009-0407 1 Humayun Shabbir 1 Php-cms Project 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2007-5719 1 Minibb 1 Minibb 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php.
CVE-2008-5582 1 Nukedit 1 Nukedit 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter.
CVE-2008-6488 1 Softcomplex 1 Php Image Gallery 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action.
CVE-2008-4376 1 Livetvscript 1 Live Tv Script 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2008-6853 1 Netcat 1 Netcat 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter.
CVE-2006-5957 1 Infinicart 1 Infinicart 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor has disputed this report, saying "The vulnerabilities mentioned were never present in our official released products but only in the unofficial demo version. However we do appreciate the information. We have update our demo version and made sure all those vulnerabilities are fixed.
CVE-2008-1460 3 Joomla, Joomlapixel, Mambo 3 Joomla, Com Joovideo, Mambo 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2008-3498 2 Joomla, Netshinesoftware 2 Joomla\!, Com Netinvoice 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-0709 1 Vlad Alexa Mancini 1 Phpfootball 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2735 1 Sun-jester 1 Opennews 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-2532 1 Aj Square 1 Aj Hyip 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2341 1 Shalwan 1 Opial 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
CVE-2008-5165 1 Eticket 1 Eticket 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.
CVE-2008-4604 1 Cafeengine 1 Easycafeengine 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.