Vulnerabilities (CVE)

Filtered by CWE-89
Total 16374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-2890 1 Offl 1 Online Fantasy Football League 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php.
CVE-2008-2556 1 Hessel Brouwer 1 Php Visit Counter 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action.
CVE-2008-3725 1 Yourfreeworld 1 Ad Board Script 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0642 1 Rbl 1 Tforum 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.
CVE-2008-5641 1 Activewebsoftwares 1 Active Photo Gallery 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2008-2223 1 Buyscripts 1 Vshare Youtube Clone 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in group_posts.php in vShare YouTube Clone 2.6 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
CVE-2008-3768 1 Turnkeywebtools 1 Sunshop Shopping Cart 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors.
CVE-2008-4732 2 Pressography, Wordpress 2 Wp Comment Remix Plugin, Wordpress 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2008-6873 1 Activewebsoftwares 1 Active Web Mail 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx.
CVE-2008-6156 1 Formfields 1 Adman 2025-04-09 6.5 MEDIUM N/A
SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter.
CVE-2009-4296 2 Brian Miller, Drupal 2 Taxonomy Timer, Drupal 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-4786 1 E107 2 E107, Easyshop Plugin 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2009-4591 1 Secureideas 1 Base 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-1462 1 Runcms 1 Runcms 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.
CVE-2008-2856 1 Ownrs 1 Ownrs 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3762 1 Turnkeywebtools 1 Php Live Helper 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.
CVE-2008-1496 1 Peel 1 Peel 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.
CVE-2007-4778 1 Joomla 1 Joomla 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-4777.
CVE-2008-5003 1 Shahrood 1 Shahrood 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6557 1 Megacheatz 1 Megacheatz 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors.