Vulnerabilities (CVE)

Filtered by CWE-89
Total 19558 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3531 1 Universe 1 Universe Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3529 1 Radscripts 1 Radbids 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074.
CVE-2009-3528 1 Al4us 1 Mymsg 2026-06-16 6.5 MEDIUM N/A
SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action.
CVE-2009-3514 1 Marcin Manek 1 D.net Cms 2026-06-16 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php.
CVE-2009-3510 1 Dataspheric 1 Linkspheric 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter.
CVE-2009-3505 1 Vastal 1 Mmorpg Zone 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460.
CVE-2009-3504 1 Alibabaclone 1 Alibaba Clone 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3503 1 Bpowerhouse 1 Bpholidaylettings 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters.
CVE-2009-3502 1 Bpowerhouse 1 Bpmusic 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execute arbitrary SQL commands via the music_id parameter.
CVE-2009-3501 1 Bpowerhouse 1 Bpstudents 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action.
CVE-2009-3500 1 Bpowerhouse 1 Bpgames 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to main.php and (2) game_id parameter to game.php.
CVE-2009-3499 1 Bpowerhouse 1 Bplawyercasedocuments 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2009-3498 1 Hbcms 1 Hbcms 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
CVE-2009-3497 1 Vastal 1 Agent Zone 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3495 1 Vastal 1 Dvd Zone 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465.
CVE-2009-3494 1 Todor Lazarov 1 T-htb Manager 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors.
CVE-2009-3491 2 Joomla, Kinfusion 2 Joomla!, Com Sportfusion 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php.
CVE-2009-3480 2 Isygen, Joomla 2 Icrm Basic, Joomla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3446 2 Joomla, Rick Estrada 2 Joomla, Com Mytube 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php.
CVE-2009-3443 2 Fastballproductions, Joomla 2 Com Fastball, Joomla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php.