Vulnerabilities (CVE)

Filtered by CWE-89
Total 19758 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4638 1 Spamtitan 1 Webtitan 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid parameter to urls-x.php.
CVE-2011-4571 2 Eaimproved, Joomla 2 Com Estateagent, Joomla\! 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.
CVE-2011-4570 2 Joomla, Takeaweb 2 Joomla\!, Com Timereturns 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.
CVE-2011-4569 2 Mybb, Tom K 2 Mybb, Forum Userbar Plugin 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter.
CVE-2011-4559 1 Vtiger 1 Vtiger Crm 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.
CVE-2011-4542 1 Hastymail 1 Hastymail2 2026-06-16 7.5 HIGH N/A
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
CVE-2011-4521 1 Advantech 1 Advantech Webaccess 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input.
CVE-2011-4487 1 Cisco 7 Business Edition 3000, Business Edition 3000 Software, Business Edition 5000 and 4 more 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.
CVE-2011-4460 1 Bestpractical 1 Rt 2026-06-16 6.5 MEDIUM N/A
SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.
CVE-2011-4448 1 Wikkawiki 1 Wikkawiki 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.
CVE-2011-4349 1 Freedesktop 1 Colord 2026-06-16 4.6 MEDIUM N/A
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
CVE-2011-4292 1 Moodle 1 Moodle 2026-06-16 4.0 MEDIUM N/A
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.
CVE-2011-4215 1 Oneorzero 1 Aims 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable.
CVE-2011-4113 2 Drupal, Earl Miles 2 Drupal, Views 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."
CVE-2011-4094 1 Jara Project 1 Jara 2026-06-16 7.5 HIGH 9.8 CRITICAL
Jara 1.6 has a SQL injection vulnerability.
CVE-2011-4066 1 Sir 1 Gnuboard 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
CVE-2011-4026 1 Xia Zuojie 1 Nexusphp 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-3989 1 Hiroyuki Oyama 1 Dbd\ 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-3988 1 Lockon 1 Ec-cube 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-3838 1 Wuzly 1 Wuzly 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to mobile/login.php.