Vulnerabilities (CVE)

Filtered by CWE-89
Total 15527 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6964 1 X7 Group 1 X7 Chat 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field.
CVE-2008-1316 1 Qt-cute 1 Quicktalk Forum 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3750 1 Santostefano Giovanni 1 Toylog 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter.
CVE-2009-1347 1 Chcounter 1 Chcounter 2025-04-09 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field).
CVE-2008-5088 1 Knowledgebase-script 1 Phpkb Knowledge Base Software 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909.
CVE-2008-0507 1 Wordpress 1 Adserve 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4166 2 Michal Hadr, Typo3 2 Mchtrips, Typo3 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-7077 1 Relative 1 Sailplanner 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
CVE-2009-2392 1 Virtuenetz 1 Virtue Online Test Generator 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to execute arbitrary SQL commands via the tid parameter.
CVE-2009-4597 1 Phpwares 1 Php Inventory 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass (password) parameters. NOTE: some of these details are obtained from third party information.
CVE-2008-1341 1 Lagarde 1 Storefront 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5772 1 Aspsiteware 1 Realtylistings 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp.
CVE-2008-1632 1 Emedia Office Gmbh 1 Cuteflow 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to pages/editfield.php, and the (4) templateid to pages/edittemplate_step1.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2231 1 Slashcode.com 1 Slash 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter.
CVE-2008-4656 1 Typo3 2 Frontend Users View, Typo3 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-6540 1 Neuron 1 News 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/.
CVE-2008-0744 1 Preprojects.com 1 Pre Hotels & Resorts Management System 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in user_login.asp in PreProjects.com Pre Hotels & Resorts Management System allows remote attackers to execute arbitrary SQL commands via the login page.
CVE-2007-5975 1 Torrentstrike 1 Torrentstrike 2025-04-09 6.5 MEDIUM N/A
SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-2412 1 Acgv.free 1 Acgv News 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0499 1 Mamboxchange 1 Laithai 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.