Vulnerabilities (CVE)

Filtered by CWE-89
Total 19558 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3715 1 Maniacomputer 1 Mcshoutbox 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-3713 1 Morcego 1 Morcegocms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string.
CVE-2009-3712 1 Ebayclonescript 1 Ebay Clone 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php; and the item_id parameter to (2) view_full_size.php, (3) classifide_ad.php, and (4) crosspromoteitems.php.
CVE-2009-3703 2 Fahlstad, Wordpress 2 Wp-forum, Wordpress 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php.
CVE-2009-3697 1 Phpmyadmin 1 Phpmyadmin 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.
CVE-2009-3669 2 Foobla, Joomla 2 Com Foobla Suggestions, Joomla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.
CVE-2009-3667 1 Adsdx 1 Adsdx 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbitrary SQL commands via the Username.
CVE-2009-3665 1 Nullam 1 Nullam Blog 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) i parameter or (2) v parameters in a register action.
CVE-2009-3661 2 Blueconstantmedia, Joomla 2 Com Djcatalog, Joomla 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
CVE-2009-3659 1 Stanback 1 Bs Counter 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2009-3645 2 Joomla, Joomlacache 2 Joomla\!, Com Cbresumebuilder 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php.
CVE-2009-3644 2 Joomla, Soundset 2 Joomla\!, Com Soundset 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php.
CVE-2009-3642 1 Frontrange 1 Heat 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Call Logging feature in FrontRange HEAT 8.01 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-3632 1 Typo3 1 Typo3 2026-06-16 6.5 MEDIUM N/A
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters.
CVE-2009-3595 1 Vspanel 1 Vs Panel 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590.
CVE-2009-3590 1 Vspanel 1 Vs Panel 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter.
CVE-2009-3582 1 Sql-ledger 1 Sql-ledger 2026-06-16 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation.
CVE-2009-3543 1 Phenotype-cms 1 Phenotype Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name).
CVE-2009-3533 1 John Beranek 1 Meeting Room Booking System 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3532 2 Logrover, Microsoft 2 Logrover, Windows 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information.