Vulnerabilities (CVE)

Filtered by CWE-89
Total 19627 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-1026 2 Mathon Nicolas, Typo3 2 Tmsw Cleandb, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1024 2 Chris Wederka, Typo3 2 Tgm Newsletter, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1019 2 Sk-typo3, Typo3 2 Sk Simplegallery, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1018 2 Jochen Rau, Typo3 2 Sk Bookreview, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1017 2 Laurent Foulloy, Typo3 2 Sav Filter Months, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1016 2 Laurent Foulloy, Typo3 2 Sav Filter Selectors, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1015 2 Laurent Foulloy, Typo3 2 Sav Filter Abc, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1013 2 Fr.simon Rundell, Typo3 2 Pd Diocesedatabase, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1012 2 Mathias Schreiber, Typo3 2 Nf Cleandb, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1010 2 Matthias Kall, Typo3 2 Mk Wastebasket, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1009 2 Joachim-ruhs, Typo3 2 Educator, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1006 1 Typo3 2 Brainstorming, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1004 2 Mischa Heimann, Typo3 2 Yatse, Typo3 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-10009 1 Ptome Project 1 Ptome 2026-06-16 5.2 MEDIUM 5.5 MEDIUM
A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218519.
CVE-2010-10007 1 Click-reminder Project 1 Click-reminder 2026-06-16 5.2 MEDIUM 5.5 MEDIUM
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The identifier of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2010-10003 1 Titlelink Project 1 Titlelink 2026-06-16 5.2 MEDIUM 5.5 MEDIUM
A vulnerability classified as critical was found in gesellix titlelink on Joomla. Affected by this vulnerability is an unknown functionality of the file plugin_content_title.php. The manipulation of the argument phrase leads to sql injection. The patch is named b4604e523853965fa981a4e79aef4b554a535db0. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217351.
CVE-2010-0981 2 Joomla, Templateplazza 2 Joomla\!, Com Tpjobs 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php.
CVE-2010-0980 1 Mitchell Sleeper 1 L4d Stats 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter.
CVE-2010-0974 1 Phpcityportal 1 Phpcityportal 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) video_show.php, (2) spotlight_detail.php, (3) real_estate_details.php, and (4) auto_details.php.
CVE-2010-0973 1 Scripteverkauf 1 Domain Verkaus And Auktions Portal 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in phppool media Domain Verkaus and Auktions Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.