Vulnerabilities (CVE)

Filtered by CWE-89
Total 15679 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-3784 2 Btitracker Project, Xbtitracker Project 2 Btitracker, Xbtitracker 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.
CVE-2009-1741 1 Dutchmonkey 1 Dm Filemanager 2025-04-09 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
CVE-2008-5123 1 Castillocentral 1 Ccleague 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter.
CVE-2008-1644 1 Savas Place 1 Savas Link Manager 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0282 1 Domphp 1 Domphp 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter.
CVE-2009-1548 1 Qsix 1 Blusky Cms 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action.
CVE-2008-3070 1 Mybb 1 Mybb 2025-04-09 7.5 HIGH N/A
Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.
CVE-2009-0672 1 Ravenphpscripts 1 Ravennuke 2025-04-09 6.5 MEDIUM N/A
SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php.
CVE-2009-2591 2 E-xoopport, Runcms 2 E-xoopport, Myannonces 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewannonces action to index.php.
CVE-2008-4072 1 Phsdev 1 Phsblog 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588.
CVE-2008-1641 1 Efestech 1 Video 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.
CVE-2008-1298 2 Kyantonius, Php-nuke 2 Hadith Module, Hadith Module 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php.
CVE-2009-2599 1 Radscripts 1 Radclassifieds 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action.
CVE-2009-2774 1 Php-paid4mail 1 Php-paid4mail 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2008-4757 1 Php-daily 1 Php-daily 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php.
CVE-2008-0650 1 Simple Os Cms 1 Simple Os Cms 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0292 1 Shop-inet 1 Shop-inet 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter.
CVE-2008-3755 1 Yourfreeworld 1 Classifieds 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2009-3778 2 Adam Gerson, Drupal 2 Moodle Courselist, Drupal 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-2685 1 Battleblog 1 Battleblog 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626.