Vulnerabilities (CVE)

Filtered by CWE-89
Total 15526 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1962 1 Xoops 2 Wf-snippets, Xoops 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.
CVE-2008-4205 1 Attachmax 1 Dolphin 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-0324 1 Bibciter 1 Bibciter 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php.
CVE-2007-6012 1 Gatesoft 1 Docusafe 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the artnr parameter (aka the search section). NOTE: some of these details are obtained from third party information.
CVE-2009-3498 1 Hbcms 1 Hbcms 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
CVE-2008-1646 2 Arnos Toolbox, Wordpress 2 Wp-download, Wp Download 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
CVE-2009-3203 1 Ajsquare 1 Aj Auction Pro-oopd 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2918 1 Application Dynamics 1 Cartweaver 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in details.php in Application Dynamics Cartweaver 3.0 allows remote attackers to execute arbitrary SQL commands via the prodId parameter, possibly a related issue to CVE-2006-2046.3.
CVE-2009-4218 1 Jiros 1 Jbsx 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0561 3 Arthur Konze Webdesign, Joomla, Mambo 3 Akogallery, Joomla, Mambo 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2008-1344 1 Myiosoft 1 Easycalendar 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in a dayview action to plugins/calendar/calendar_backend.php and the (2) page parameter to ajaxp_backend.php.
CVE-2008-2564 1 Joomla 2 Com Jotloader, Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
CVE-2008-0833 1 Joomla 1 Com Galeria 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2009-3752 1 Opial 1 Opial 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.
CVE-2009-0287 1 Keep Toolkit 1 Keep Toolkit 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password.
CVE-2008-0232 1 Zero Cms 1 Zero Cms 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php.
CVE-2009-3342 2 Alphaplug, Joomla 2 Com Alphauserpoints, Joomla\! 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter.
CVE-2008-4142 1 Ephpscripts 1 E-php Cms 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
CVE-2008-6338 2 Typo3, Weber-ebusiness 2 Typo3, Wes Facilities 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-2673 1 Censura 1 Censura 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php.