Vulnerabilities (CVE)

Filtered by CWE-89
Total 19572 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4060 1 Cubecart 1 Cubecart 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.
CVE-2009-4059 2 .joomclan, Joomla 2 Com Joomclip, Joomla\! 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php.
CVE-2009-4058 1 Telebidauctionscript 1 Telebid Auction Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to execute arbitrary SQL commands via the aid parameter.
CVE-2009-4057 2 Inertialfate, Joomla 2 Com If Nexus, Joomla\! 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php.
CVE-2009-4046 1 Frontaccounting 1 Frontaccounting 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/.
CVE-2009-4045 1 Frontaccounting 1 Frontaccounting 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/.
CVE-2009-4037 1 Frontaccounting 1 Frontaccounting 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/.
CVE-2009-4015 1 Debian 1 Lintian 2026-06-16 7.5 HIGH N/A
Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.
CVE-2009-3975 1 Moagallery 1 Moa 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to execute arbitrary SQL commands via the gallery_id parameter in a gallery_view action.
CVE-2009-3974 1 Invisioncommunity 1 Invision Power Board 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number.
CVE-2009-3973 1 Turnkeyarcade 1 Turnkey Arcade Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629.
CVE-2009-3972 2 Joomla, Qproje 2 Joomla\!, Com Siirler 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php.
CVE-2009-3971 2 Joomla, Jtips 2 Joomla\!, Com Jtips 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.
CVE-2009-3970 1 Phpdirsubmit 1 Php Dir Submit 2026-06-16 6.5 MEDIUM N/A
SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a showarticle action.
CVE-2009-3968 1 Itechscripts 1 Itechbids 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238.
CVE-2009-3967 1 Ed Charkow 1 Supercharged Linking 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in browse.php in Ed Charkow SuperCharged Linking allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3965 1 Maniacomputer 1 New5starrating 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter.
CVE-2009-3964 2 Joomla, Ninjaforge 2 Joomla\!, Com Ninjamonials 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
CVE-2009-3961 1 Jos De Ruijter 1 Superseriousstats 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in user.php in Super Serious Stats (aka superseriousstats) before 1.1.2p1 allows remote attackers to execute arbitrary SQL commands via the uid parameter, related to an "incorrect regexp." NOTE: some of these details are obtained from third party information.
CVE-2009-3913 1 Xerox 1 Fiery Webtools 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter.