Vulnerabilities (CVE)

Filtered by CWE-89
Total 19746 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-2917 1 Mambo-foundation 1 Mambo 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
CVE-2011-2751 1 Parodia 1 Parodia 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Parodia before 6.809 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-2715 1 Drupal 2 Data, Drupal 2026-06-16 7.5 HIGH 9.8 CRITICAL
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
CVE-2011-2703 2 Osgeo, Umn 2 Mapserver, Mapserver 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
CVE-2011-2688 3 Apache, Debian, Mod Authnz External Project 3 Http Server, Debian Linux, Mod Authnz External 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
CVE-2011-2546 1 Cisco 4 Sa500 Software, Sa520, Sa520w and 1 more 2026-06-16 5.0 MEDIUM N/A
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.
CVE-2011-2467 1 Likewise 1 Likewise Open 2026-06-16 5.8 MEDIUM N/A
SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-2403 1 Hp 1 Network Automation 2026-06-16 6.5 MEDIUM N/A
SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-2181 1 Reallysimplechat 1 Really Simple Chat 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the (1) arsc_user parameter to base/admin/edit_user.php, (2) arsc_layout_id parameter in base/admin/edit_layout.php, or (3) arsc_room parameter to base/admin/edit_room.php.
CVE-2011-2149 1 Smartertools 1 Smarterstats 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) Default.aspx, (3) Services/SiteAdmin.asmx, or (4) Client/frmViewReports.aspx; certain cookies to (5) Services/SiteAdmin.asmx or (6) login.aspx; the Referer HTTP header to (7) Services/SiteAdmin.asmx or (8) login.aspx; or (9) the User-Agent HTTP header to Services/SiteAdmin.asmx.
CVE-2011-2141 1 Ibm 1 Datacap Taskmaster Capture 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-2080 1 Inventivetec 1 Mediacast 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) a CP_ENLARGESTYLE cookie to the default URI under inventivex/managetraining/ or (2) unspecified input to authenticate_ad_setup_finished.cfm.
CVE-2011-1939 3 Debian, Php, Zend 3 Debian Linux, Php, Zend Framework 2026-06-16 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
CVE-2011-1933 1 Jifty\ 1 \ 2026-06-16 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in Jifty::DBI before 0.68.
CVE-2011-1915 1 Infor 2 Eclient, Enspire Distribution Management Solution 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-1913 1 Mercator 1 Sentinel 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-1903 1 Proofpoint 2 Messaging Security Gateway, Protection Server 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2011-1722 2 Typo3, Webempoweredchurch 2 Typo3, Wec Discussion 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011.
CVE-2011-1686 1 Bestpractical 1 Rt 2026-06-16 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data.
CVE-2011-1667 1 Xmedien 1 Anzeigenmarkt 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action.