Vulnerabilities (CVE)

Filtered by CWE-89
Total 19758 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4829 2 Barter-sites, Joomla 2 Com Listing, Joomla\! 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
CVE-2011-4826 1 Autosectools 1 V-cms 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information.
CVE-2011-4824 1 Cacti 1 Cacti 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter.
CVE-2011-4823 2 Extensionsforjoomla, Joomla 2 Com Vikrealestate, Joomla\! 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
CVE-2011-4816 1 Ibm 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more 2026-06-16 6.5 MEDIUM N/A
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-4811 1 Bst 1 Bestshoppro 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter.
CVE-2011-4808 2 Joomla, Joomlaextensions 2 Joomla\!, Com Hmcommunity 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
CVE-2011-4803 2 Bravenewcode, Wordpress 2 Wptouch, Wordpress 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-4802 1 Dolibarr 1 Dolibarr Erp\/crm 2026-06-16 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.
CVE-2011-4801 1 Authenex 1 Authenex Strong Authentication System Server 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2011-4763 1 Parallels 1 Parallels Plesk Small Business Panel 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files.
CVE-2011-4753 1 Parallels 1 Parallels Plesk Small Business Panel 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files.
CVE-2011-4734 3 Microsoft, Parallels, Redhat 3 Windows, Parallels Plesk Panel, Enterprise Linux 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files.
CVE-2011-4725 3 Microsoft, Parallels, Redhat 3 Windows, Parallels Plesk Panel, Enterprise Linux 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files.
CVE-2011-4710 2 Getpixie, Lucidcrew 2 Pixie, Pixie 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI.
CVE-2011-4674 1 Zabbix 1 Zabbix 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.
CVE-2011-4673 2 Automattic, Wordpress 2 Jetpack, Wordpress 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-4672 1 Valid 1 Tiny-erp 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php.
CVE-2011-4671 2 Adrotateplugin, Wordpress 2 Adrotate, Wordpress 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).
CVE-2011-4669 1 Wordpress 2 Wordpress, Wordpress-users 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.