Vulnerabilities (CVE)

Filtered by CWE-89
Total 19557 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2894 1 Clone2009 1 Ebay Clone 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.
CVE-2009-2892 1 Scripteen 1 Free Image Hosting Script 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.
CVE-2009-2891 1 Phpscriptsnow 1 Riddles 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-2888 1 Phpscriptsnow 1 Hangman 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.
CVE-2009-2886 1 Phpscriptsnow 1 President Bios 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter.
CVE-2009-2885 1 Phpscriptsnow 1 World\'s Tallest Buildings 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter.
CVE-2009-2883 1 Arabless 1 Saphplesson 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
CVE-2009-2881 1 Artis.imag 1 Basilic 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/.
CVE-2009-2790 1 Softbizscripts 1 Dating Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4.
CVE-2009-2789 2 Joomla, Permis 2 Joomla, Com Groups 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2788 1 Mobilelib 1 Mobilelib Gold 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php.
CVE-2009-2786 2 Punbb, Reputation 2 Punbb, Reputation 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter.
CVE-2009-2782 2 Jfusion, Joomla 2 Com Jfusion, Joomla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2009-2781 1 Arabportal 1 Arab Portal 2026-06-16 6.0 MEDIUM N/A
SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666.
CVE-2009-2779 1 Ajsquare 1 Aj Matrix Dna 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action.
CVE-2009-2777 1 Garagesalesjunkie 1 Garagesales Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2009-2776 1 Sellatsite.com 1 Smart Asp Survey 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-2775 1 Phparcadescript 1 Phparcadescript 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2774 1 Php-paid4mail 1 Php-paid4mail 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-2735 1 Sun-jester 1 Opennews 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.