Vulnerabilities (CVE)

Filtered by CWE-89
Total 19675 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2357 1 Eicrasoft 1 Eicra Realestate Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2354 1 Pilotgroup 1 Elms Pro 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
CVE-2010-2342 1 Dmxready 1 Online Notebook Manager 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady Online Notebook Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
CVE-2010-2340 1 Arabportal 1 Arab Portal 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action.
CVE-2010-2339 1 Subdreamer 1 Subdreamer 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x allows remote attackers to execute arbitrary SQL commands via the categoryids[] parameter in an update_pages action.
CVE-2010-2338 1 Vunet 1 Vu Web Visitor Analyst 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2335 1 Yamamah 1 Yamamah 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter.
CVE-2010-2319 1 Idevspot 1 Textads 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2010-2317 1 Wmsdesign 1 Wmscms 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp.
CVE-2010-2312 1 Hauntmax 1 Haunted House Directory Listing Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in HauntmAx Haunted House Directory Listing CMS allows remote attackers to execute arbitrary SQL commands via the state parameter in a listings action.
CVE-2010-2257 1 Payperviewvideosoftware 1 Pay Per Minute Video Chat Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index_ie.php in Pay Per Minute Video Chat Script 2.0 and 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2010-2255 2 Joomla, Tamlyncreative 4 Joomla\!, Com Bfsurvey Basic, Com Bfsurvey Pro and 1 more 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-2254 2 Joomla, Shape5 2 Joomla\!, Bridge Of Hope Template 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
CVE-2010-2148 2 Joomla, Unisoft 2 Joomla\!, Com Mycar 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php.
CVE-2010-2142 1 Murat Ersoy 1 Cyberhost 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-2141 1 Nitropowered 1 Nitro Web Gallery 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action.
CVE-2010-2140 1 Multishopcms 1 Multishop Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in itemdetail.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2139 1 Multishopcms 1 Multishop Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in pages.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2135 1 Hazelpress 1 Hazelpress 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in login.php in HazelPress Lite 0.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) password fields.
CVE-2010-2134 1 Http-solution 1 Project Man 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.