Vulnerabilities (CVE)

Filtered by CWE-89
Total 16373 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2009-4296 | Vendors (2): Brian Miller, Drupal | Products (2): Taxonomy Timer, Drupal | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-4786 | Vendors (1): E107 | Products (2): E107, Easyshop Plugin | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2009-4591 | Vendors (1): Secureideas | Products (1): Base | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-1462 | Vendors (1): Runcms | Products (1): Runcms | Updated: 2025-04-09 | CVSS v2: 6.8 MEDIUM | CVSS v3: N/A
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.
CVE-2008-2856 | Vendors (1): Ownrs | Products (1): Ownrs | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3762 | Vendors (1): Turnkeywebtools | Products (1): Php Live Helper | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.
CVE-2008-1496 | Vendors (1): Peel | Products (1): Peel | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.
CVE-2007-4778 | Vendors (1): Joomla | Products (1): Joomla | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-4777.
CVE-2008-5003 | Vendors (1): Shahrood | Products (1): Shahrood | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-6557 | Vendors (1): Megacheatz | Products (1): Megacheatz | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors.
CVE-2008-3414 | Vendors (1): Siteadmin | Products (1): Cms | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter.
CVE-2008-1864 | Vendors (1): Prozilla | Products (1): Prozilla Freelancers | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter.
CVE-2008-3039 | Vendors (1): Typo3 | Products (1): Dam Frontend Extension | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-2678 | Vendors (1): Telephone | Products (1): Telephone Directory 2008 | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to view_more.php.
CVE-2010-0324 | Vendors (2): Patrick Bauerochse, Typo3 | Products (2): Ref List, Typo3 | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-2175 | Vendors (1): Gamma Scripts | Products (1): Blogme Php | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PHP 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2866 | Vendors (1): Caupo.net | Products (1): Cauposhop Classic | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter.
CVE-2009-0426 | Vendors (1): Dmxready | Products (1): Classified Listings Manager | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-5321 | Vendors (2): Xoops, Xoops Hocasi | Products (2): Xoops, Gesgaleri | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter.
CVE-2008-5595 | Vendors (1): Aspapps | Products (1): Asp Autodealer | Updated: 2025-04-09 | CVSS v2: 7.5 HIGH | CVSS v3: N/A
SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.