Vulnerabilities (CVE)

Filtered by CWE-89
Total 19746 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-1663 2 Drupal, Icanlocalize 2 Drupal, Translation Management 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-1653 1 Broadcom 1 Total Defense 2026-06-16 10.0 HIGH N/A
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.
CVE-2011-1610 1 Cisco 1 Unified Communications Manager 2026-06-16 6.4 MEDIUM N/A
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
CVE-2011-1609 1 Cisco 1 Unified Communications Manager 2026-06-16 8.5 HIGH N/A
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.
CVE-2011-1562 1 Ecava 1 Integraxor 2026-06-16 7.5 HIGH N/A
Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate.
CVE-2011-1557 1 Icloudcenter 1 Icjobsite 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2011-1556 1 Aphpkb 1 Aphpkb 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter.
CVE-2011-1555 1 Aphpkb 1 Aphpkb 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information.
CVE-2011-1546 1 Aphpkb 1 Aphpkb 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.
CVE-2011-1522 1 Doctrine-project 5 Doctrine, Doctrine1.2.0, Doctrine1.2.1 and 2 more 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.
CVE-2011-1480 1 Phpnuke 1 Php-nuke 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.
CVE-2011-1390 1 Ibm 1 Rational Clearquest 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.
CVE-2011-1343 1 Ibm 1 Tivoli Netcool\/omnibus 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters."
CVE-2011-1342 1 Aimluck 2 Aipo, Aipo-asp 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ASP before 5.1.1, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-1328 1 Radvision 1 Iview Suite 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-1151 1 Joomla 1 Joomla\! 2026-06-16 6.4 MEDIUM 9.1 CRITICAL
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.
CVE-2011-1100 1 Pixelpost 1 Pixelpost 2026-06-16 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
CVE-2011-1064 1 Qibosoft 1 Qi Bo Cms 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter.
CVE-2011-1061 1 Webmastersite 1 Wsn Guest 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter.
CVE-2011-1060 1 Webmastersite 1 Wsn Guest 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php.