Vulnerabilities (CVE)

Filtered by CWE-89
Total 15526 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-2114 1 Preprojects 1 Pre Shopping Mall 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2008-4882 1 Yourfreeworld 1 Autoresponder Hosting Script 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2147 1 Phpwebthings 1 Phpwebthings 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5166 1 Easysitenetwork 1 Riddles Website 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter.
CVE-2008-0815 2 Egitimhost, Joomla 2 Com Mezun, Com Mezun 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task.
CVE-2009-4165 2 Simple Glossar, Typo3 2 Simple Glossar, Typo3 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-4074 1 Zanfi Solutions 1 Autodealers Cms Autonline 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2008-6277 1 Rakhisoftware 1 Rakhisoftware Shopping Cart 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter.
CVE-2008-4469 1 Vastal I-tech 1 Freelance Zone 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter.
CVE-2008-6892 1 Peel 1 Peel 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572.
CVE-2008-3092 1 Drupal 1 Taxonomy Autotagger Module 2025-04-09 6.5 MEDIUM N/A
SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-0461 1 Francisco Burzi 1 Php-nuke 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information.
CVE-2009-3514 1 Marcin Manek 1 D.net Cms 2025-04-09 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php.
CVE-2008-5573 1 Adcomplete 1 Poll Pro 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the login feature in Poll Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) Password and (2) username parameters.
CVE-2008-6329 1 Preproject 1 Pre Asp Job Board 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters, as reachable from Employee/emp_login.asp. NOTE: some of these details are obtained from third party information.
CVE-2008-6033 1 Wsn Links 1 Wsn Links 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-5912 1 Jportal 1 Jportal Web Portal 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
CVE-2007-5704 1 Codewidgets 1 Online Event Registration Template 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote attackers to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp.
CVE-2007-5887 1 Infuseum 1 Asp Message Board 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in boards/printer.asp in ASP Message Board 2.2.1c allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6362 1 Ezonelink 1 Multiple Membership Script 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.