Vulnerabilities (CVE)

Filtered by CWE-89
Total 19623 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0158 2 Joomla, Joomlabamboo 2 Joomla, Jb Simpla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be concerned about this report.
CVE-2010-0147 1 Cisco 1 Security Agent 2026-06-16 6.5 MEDIUM N/A
SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0139 1 Cisco 1 Unified Meetingplace 2026-06-16 9.0 HIGH N/A
Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691.
CVE-2010-0122 1 Timeclock-software 1 Employee Timeclock Software 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.
CVE-2010-0115 1 Symantec 2 Web Gateway, Web Gateway Appliance 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter.
CVE-2010-0112 1 Symantec 1 Im Manager 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp.
CVE-2009-5102 1 Atcom 1 Netvolution 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
CVE-2009-5094 1 Cmsfaethon 1 Cms Faethon 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter.
CVE-2009-5091 1 Vlinks 1 Vlinks 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-5090 1 Daman371 1 Bloggeruniverse 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors.
CVE-2009-5088 1 Ideacart 1 Ideacart 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter.
CVE-2009-5026 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 6.8 MEDIUM N/A
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
CVE-2009-5003 1 E-soft24 1 Banner Exchange Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
CVE-2009-4992 1 Script-shop24 1 Lm Starmail Paidmail 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-4985 1 Websitesrus 1 Accessories Me Php Affiliate Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter.
CVE-2009-4982 1 Irokez 1 Irokez Cms 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI.
CVE-2009-4979 1 Keil-software 1 Photokorn Gallery 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in search.php in Photokorn Gallery 1.81 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) where[], (2) sort, (3) order, and (4) Match parameters.
CVE-2009-4973 1 Sweetphp 1 Totalcalendar 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.
CVE-2009-4971 2 Typo3, Vincent Tietz 2 Typo3, Vjchat 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-4970 2 Typo3, Typo3-macher 2 Typo3, T3m Affiliate 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.