Vulnerabilities (CVE)

Filtered by CWE-89
Total 15703 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0185 1 Netrisk 1 Netrisk 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).
CVE-2008-3347 1 Myiosoft 1 Easydynamicpages 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter.
CVE-2009-1500 1 Projectcms 1 Projectcms 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter.
CVE-2009-3361 1 Paul Gibbs 1 Php-ipnmonitor 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in PHP-IPNMonitor allows remote attackers to execute arbitrary SQL commands via the maincat_id parameter.
CVE-2007-5974 1 Jportal 1 Jportal Web Portal 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
CVE-2008-2754 1 Efiction 1 Efiction 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter.
CVE-2007-3909 1 Bandersnatch 1 Bandersnatch 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) date and (2) limit parameters to index.php, and other unspecified vectors.
CVE-2008-3445 1 Phpmyrealty 1 Phpmyrealty 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.
CVE-2008-2477 1 Mx-system 1 Mxbb Portal 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2009-3314 1 Eliteladders 1 Elite Gaming Ladders 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter.
CVE-2008-3944 1 Discountedscripts 1 Acg Ptp 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action.
CVE-2009-4392 1 Typo3 2 Typo3, Xds Staff 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-4456 2 Mambo, Parkview Consultants 2 Mambo, Simplefaq 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo.
CVE-2008-4461 1 Vastal I-tech 1 Dating Zone 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter.
CVE-2008-0487 1 The Net Guys 1 Aspired2protect 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information.
CVE-2008-4642 1 Astrospaces 1 Astrospaces 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
CVE-2008-3035 1 Xchangeboard 1 Xchangeboard 2025-04-09 6.5 MEDIUM N/A
SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter.
CVE-2008-3554 1 Comsenz 1 Discuz 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.
CVE-2008-6463 2 Fr.simon Rundell, Typo3 2 Pd Churchsearch, Typo3 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-5122 1 Ektron 1 Cms4000.net 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter.