Vulnerabilities (CVE)

Filtered by CWE-89
Total 19557 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3116 1 Uiga 1 Church Portal 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action.
CVE-2009-3082 1 Snowhall 1 Silurus System 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in wcategory.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3081 1 Uiga 1 Church Portal 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the month parameter in a calendar action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3063 2 Indianpulses, Joomla 2 Com Gameserver, Joomla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php.
CVE-2009-3062 1 Phplivesupport. 1 Phplive\! 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.
CVE-2009-3061 1 Alqa6ari 1 Script Q R 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3059 1 Allpublication 1 Jboard 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.
CVE-2009-3054 2 Artetics, Joomla 2 Com Artportal, Joomla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php.
CVE-2009-3052 2 Absoluteanime, Phpbb 2 Prime Quick Style, Phpbb 2026-06-16 6.5 MEDIUM N/A
SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the prime_quick_style parameter to ucp.php.
CVE-2009-3042 1 Ocsinventory-ng 1 Ocs Inventory Ng 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040.
CVE-2009-3040 1 Ocsinventory-ng 1 Ocs Inventory Ng 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php.
CVE-2009-2978 1 Sugarcrm 1 Sugarcrm 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2933 1 Piwigo 1 Piwigo 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter.
CVE-2009-2929 1 Tgs-cms 1 Tgs Content Management 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions.
CVE-2009-2927 1 Digitalspinners 1 Ds Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter.
CVE-2009-2926 1 Phpcompet.free 1 Php Competition System 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php.
CVE-2009-2924 1 Videosbroadcastyourself 1 Videos Broadcast Yourself 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php.
CVE-2009-2921 1 Mocdesigns 1 Php News 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).
CVE-2009-2915 1 2fly 1 Gift Delivery System 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action.
CVE-2009-2895 1 Phpsugar 1 Ultimate Regnow Affiliate 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.