Vulnerabilities (CVE)

Filtered by CWE-89
Total 19704 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4268 2 Joomla, Pulseinfotech 2 Joomla\!, Com Flipwall 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2010-4257 1 Wordpress 1 Wordpress 2026-06-16 6.0 MEDIUM N/A
SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.
CVE-2010-4186 1 Onlinetechtools.com 1 Oasys Professional 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-4185 1 Energine 1 Energine 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie.
CVE-2010-4166 1 Joomla 1 Joomla\! 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.
CVE-2010-4152 1 4site 1 4site Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646.
CVE-2010-4151 1 Deluxebb 1 Deluxebb 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
CVE-2010-4147 1 Avactis 1 Avactis Shopping Cart 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php.
CVE-2010-4144 1 Aspindir 1 Kisisel Radyo Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter.
CVE-2010-4143 1 Phpcheckz 1 Phpcheckz 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4006 2 Wsn, Wsnlinks 3 Links, Wsn Links, Wsn Links 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
CVE-2010-3929 1 Modxcms 1 Evolution 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch.
CVE-2010-3924 1 Aimluck 1 Aipo 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-3922 1 Sixapart 1 Movabletype 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-3662 1 Typo3 1 Typo3 2026-06-16 6.5 MEDIUM 8.8 HIGH
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
CVE-2010-3608 1 Wire Plastic Design 1 Wpquiz 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.
CVE-2010-3604 2 Alex Kellner, Typo3 2 Powermail, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-3601 1 Invisionpower 1 Ibphotohost 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.
CVE-2010-3485 1 Lightneasy 1 Lightneasy 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-3484 1 Lightneasy 1 Lightneasy 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593.