Vulnerabilities (CVE)

Filtered by CWE-89
Total 19557 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3217 1 Wiccle 1 Iwiccle 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php.
CVE-2009-3215 2 Joomla, Php-shop-system 2 Joomla, Ixxo Cart 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
CVE-2009-3212 1 Dimofinf 1 Infinity Script 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field.
CVE-2009-3209 1 Raizlabs 1 Php Email Manager 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-3208 1 Prakashatma Mishra 1 Phpfreebb 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php.
CVE-2009-3205 1 Cbauthority 1 Cbauthority 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action.
CVE-2009-3203 1 Ajsquare 1 Aj Auction Pro-oopd 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3193 2 Joomla, Uwix 2 Joomla, Com Digifolio 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.
CVE-2009-3190 1 Pad-site-scripts 1 Pad Site Scripts 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php.
CVE-2009-3185 1 Comsenz 2 Crazy Star Plugin, Discuz! 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action.
CVE-2009-3184 1 Grapari 1 E-gold Game Series Pirates Of The Caribbean 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in Pirates of The Caribbean in the E-Gold Game Series allow remote attackers to execute arbitrary SQL commands via the (1) x and (2) y parameters.
CVE-2009-3175 1 Boldfx 1 Model Agency Manager Pro 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php.
CVE-2009-3165 1 Mozilla 1 Bugzilla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2009-3154 2 Almondsoft, Joomla 2 Com Aclassf, Joomla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.
CVE-2009-3150 1 Multi-website 1 Multi Website 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.
CVE-2009-3148 1 Portalxp 1 Portalxp 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php.
CVE-2009-3125 1 Mozilla 1 Bugzilla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2009-3119 2 Php-fusion, X-iweb.ru 2 Php-fusion, Download System Msf 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter.
CVE-2009-3118 1 Danneo 1 Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php, related to incorrect input sanitization in base/danneo.function.php.
CVE-2009-3117 1 Snowhall 1 Silurus System 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.