Vulnerabilities (CVE)

Filtered by CWE-89
Total 19557 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3327 1 Webilix 1 Wx-guestbook 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information.
CVE-2009-3326 1 Cmscontrol 1 Cmscontrol 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in CMScontrol Content Management System 7.x allows remote attackers to execute arbitrary SQL commands via the id_menu parameter.
CVE-2009-3325 2 Focusdev, Joomla 2 Com Surveymanager, Joomla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.
CVE-2009-3321 1 Saphplesson 1 Saphplesson 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header.
CVE-2009-3319 1 Dimofinf 1 Dawaween 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018.
CVE-2009-3316 2 Jforjoomla, Joomla 2 Com Jreservation, Joomla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
CVE-2009-3315 1 Nelogic 1 Nephp Publisher 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field.
CVE-2009-3314 1 Eliteladders 1 Elite Gaming Ladders 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter.
CVE-2009-3313 1 Fmyclone 1 Fmyclone 2026-06-16 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php.
CVE-2009-3310 1 Shalwan 1 Zainu 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action.
CVE-2009-3309 1 Cfshopkart 1 Cf Shopkart 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320.
CVE-2009-3308 1 Fanupdate 1 Fanupdate 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
CVE-2009-3259 1 Thomas Cuchta 1 Rash 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in RASH Quote Management System (RQMS) 1.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the search parameter in a search action, (2) the quote parameter in a quote addition, or (3) a User_Name cookie in unspecified administrative actions. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3255 1 Thomas Cuchta 1 Rash 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI.
CVE-2009-3252 1 Dave Robinson 1 Rockbandcms 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.
CVE-2009-3246 1 Mybuxscript 1 Pts-bux 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI. NOTE: some of these details are obtained from third party information.
CVE-2009-3226 1 Almondsoft 2 Affiliate Network Classifieds, Almond Classifieds 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action. NOTE: some of these details are obtained from third party information.
CVE-2009-3224 2 68classifieds, Classified-software 2 68 Classifieds, Super Mod System 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter.
CVE-2009-3223 1 Inoutscripts 1 Inout Adserver 2026-06-16 6.5 MEDIUM N/A
SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2009-3218 1 The-ghost 1 Ar Web Content Manager 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.