Vulnerabilities (CVE)

Filtered by CWE-89
Total 19557 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2390 2 F-cimag-in, Joomla 2 Com Bookflip, Joomla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php.
CVE-2009-2389 1 Usolved 1 Newsolved 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter.
CVE-2009-2388 1 Shalwan 1 Opial 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2385 2 Fustrate, Simple Machines 2 Member Awards, Smf 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-2383 2 Blogtrafficexchange, Wordpress 2 Related-sites, Wordpress 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter.
CVE-2009-2366 1 Datachecknh 2 Forumpal, Forumpal Fe 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information.
CVE-2009-2365 1 Datachecknh 1 Gallerypal Fe 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2361 1 Osticket 1 Osticket 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
CVE-2009-2359 1 Yasinkaplan 1 Tekradius 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command.
CVE-2009-2354 1 Nulllogic 1 Groupware 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-2345 1 Clansphere 1 Clansphere 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components.
CVE-2009-2341 1 Shalwan 1 Opial 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
CVE-2009-2340 1 Opial 1 Opial 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-2339 1 Rentventory 1 Rentventory 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter.
CVE-2009-2337 1 W3bcms 2 Gaestebuch Guestbook Module, W3bcms 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter.
CVE-2009-2326 1 Max Kervin 1 Kervinet Forum 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leveraged for a cross-site scripting (XSS) attack.
CVE-2009-2311 2 Selbstzweck, Woltlab 2 Rgallery Plugin, Burning Board 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.
CVE-2009-2310 1 Bow Der Kleine 1 X-blc 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
CVE-2009-2309 1 Codice-cms 1 Codice Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter.
CVE-2009-2308 2 Punbb, Punres 2 Punbb, Affiliates Mod 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter.