Vulnerabilities (CVE)

Filtered by CWE-89
Total 19704 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4735 1 Ecommercemax 1 Digital-goods Seller 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter.
CVE-2010-4721 1 Mhproducts 1 Immo Makler 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4720 2 Harmistechnology, Joomla 2 Com Jeauto, Joomla\! 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page.
CVE-2010-4703 1 Hotwebscripts 1 Hotweb Rentals 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-4702 2 Fxwebdesign, Joomla 2 Com Jradio, Joomla\! 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4700 1 Php 1 Php 2026-06-16 6.8 MEDIUM N/A
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
CVE-2010-4696 1 Joomla 1 Joomla\! 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-4641 1 Xwiki 1 Xwiki 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4639 1 Intendance 1 Mysource Matrix 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4638 2 Iptechinside, Joomla 2 Com Jquarks4s, Joomla\! 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.
CVE-2010-4636 1 Site2nite 1 Business E-listings 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2010-4635 1 Site2nite 1 Vacation Rental Listings 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2010-4633 1 Sumeffect 1 Digishop 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1.
CVE-2010-4632 1 Pilotcart 1 Pilot Cart 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.
CVE-2010-4619 1 Webscripti 1 Mafya Oyun Scrpti 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4615 1 Iskenderaltuntas 1 Oto Galeri Sistemi 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp.
CVE-2010-4614 1 Mhproducts 1 Ero Auktion 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723.
CVE-2010-4612 1 Hycus 1 Hycus Cms 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information.
CVE-2010-4609 1 Html-edit 1 Html-edit Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action.
CVE-2010-4517 2 Harmistechnology, Joomla 2 Com Jeauto, Joomla\! 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.