Vulnerabilities (CVE)

Filtered by CWE-89
Total 19704 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4505 1 Injader 1 Injader 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) un and (2) pw parameters.
CVE-2010-4503 1 Aigaion 1 Aigaion 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action.
CVE-2010-4500 1 Mrcgiguy 1 Freeticket 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) subject, and (4) message parameters in a sendmess action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-4496 1 Tibco 2 Activecatalog, Collaborative Information Manager 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4404 2 Anything-digital, Joomla 2 Sh404sef, Joomla\! 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4400 1 Dynpg 1 Dynpg 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.
CVE-2010-4365 2 Harmistechnology, Joomla 2 Com Jeajaxeventcalendar, Joomla\! 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php.
CVE-2010-4363 1 Mrcgiguy 1 Freeticket 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) email parameters in a showtickets action.
CVE-2010-4362 1 Micronetsoft 1 Rv Dealer Website 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp.
CVE-2010-4360 1 Jurpo 1 Jurpopage 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-4359 1 Jurpo 1 Jurpopage 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2010-4357 1 Boka 1 Siteengine 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter.
CVE-2010-4356 1 Site2nite 1 Big Truck Broker 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in news_default.asp in Site2Nite Big Truck Broker allows remote attackers to execute arbitrary SQL commands via the txtSiteId parameter.
CVE-2010-4298 1 Dustincowell 1 Free Simple Software 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.
CVE-2010-4284 1 Samsung 1 Data Management Server 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4280 1 Artica 1 Pandora Fms 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php.
CVE-2010-4273 1 Accimoveis 1 Descargarvista Acc Imoveis 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in imoveis.php in DescargarVista ACC IMoveis 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4272 2 Joomla, Pulseinfotech 2 Joomla\!, Com Sponsorwall 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2010-4271 1 Impresscms 1 Impresscms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4269 1 O-dyn 1 Collabtive 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action.