Vulnerabilities (CVE)

Filtered by CWE-89
Total 19704 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4800 1 Baconmap 1 Baconmap 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
CVE-2010-4799 1 Chipmunk-scripts 1 Pwngame 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4797 1 Truworthit 1 Flex Timesheet 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
CVE-2010-4796 1 Phpyun 1 Phpyun 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php.
CVE-2010-4795 2 Joomla, Joomlaseller 2 Joomla\!, Com Jscalendar 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4793 1 Site2nite 1 Auto E-manager 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2010-4791 2 Marcusg, Php-fusion 2 Mg User Fotoalbum Panel, Php-fusion 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter.
CVE-2010-4784 1 Phpwebscripts 1 Easy Banner Free 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2010-4782 1 Softwebsnepal 1 Ananda Real Estate 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
CVE-2010-4780 1 Enanocms 1 Enano Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4776 1 Preprojects 1 Pre Online Tests Generator 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter.
CVE-2010-4774 1 Auracms 1 Auracms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.
CVE-2010-4771 1 Matteoiammarrone 1 S-cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4770 1 Commodityrentals 1 Dvd Rentals Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
CVE-2010-4752 1 Lightneasy 1 Lightneasy 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-4751 1 Lightneasy 1 Lightneasy 2026-06-16 6.0 MEDIUM N/A
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485.
CVE-2010-4739 2 Aretimes, Joomla 2 Com Maianmedia, Joomla\! 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.
CVE-2010-4738 1 Raemedia 1 Real Estate Single And Multi Agent System 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
CVE-2010-4737 1 Hotwebscripts 1 Hotweb Rentals 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter.
CVE-2010-4736 1 Gatesoft 1 Docusafe 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information.