Vulnerabilities (CVE)

Filtered by CWE-89
Total 19557 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2591 2 E-xoopport, Runcms 2 E-xoopport, Myannonces 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewannonces action to index.php.
CVE-2009-2590 1 Resalecode 1 Hutscripts Php Website Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2009-2585 1 Mlffat 1 Mlffat 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731.
CVE-2009-2579 1 Cs-cart 1 Cs-cart 2026-06-16 6.5 MEDIUM N/A
SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.
CVE-2009-2573 1 Bioscripts 1 Minitwitter 2026-06-16 6.0 MEDIUM N/A
Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php.
CVE-2009-2567 2 Almondsoft, Joomla 2 Almond Classifieds, Joomla\! 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2009-2554 2 Joomla, Olle Johansson 2 Joomla, Jobline 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to index.php, which invokes the search method from the searchJobPostings function in jobline.php.
CVE-2009-2553 1 Supersimple 1 Super Simple Blog Script 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter.
CVE-2009-2545 1 Anelectron 1 Advanced Electron Forum 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2451 1 Mim.infinix 1 Infinix 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters in a calendar action, or (3) a search term in the search form.
CVE-2009-2439 1 Web Development House 1 Alibaba Clone 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group.
CVE-2009-2436 1 Phponlinedatingsoftware 1 Myphpdating 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
CVE-2009-2428 1 Tauschregal.de 1 Tausch Ticket Script 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors.
CVE-2009-2427 1 Jobbr 1 Jobbr 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows remote attackers to execute arbitrary SQL commands via the emp_id parameter.
CVE-2009-2423 1 Ebayclonescript 1 Ebay Clone 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in category.php in Ebay Clone 2009 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter in a list action.
CVE-2009-2402 1 Phpecho Cms 1 Phpecho Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355.
CVE-2009-2400 2 Fijiwebdesign, Joomla 2 Com Php, Joomla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2009-2395 2 Joomla, Joomlaworks 2 Joomla\!, Com K2 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
CVE-2009-2394 2 Mr Saphp Arabic Mobile, Smspages 2 Messages Library, Smspages 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) 2.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
CVE-2009-2392 1 Virtuenetz 1 Virtue Online Test Generator 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to execute arbitrary SQL commands via the tid parameter.