Vulnerabilities (CVE)

Filtered by CWE-89
Total 19557 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2307 1 Maxdev 2 Cwguestbook, Md-pro 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php.
CVE-2009-2290 2 Joomla, Kim Eckert 2 Joomla\!, Com Bsadv 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php.
CVE-2009-2276 2 Biglle, Punbb 2 Vote For Us Extension, Punbb 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter.
CVE-2009-2269 1 Phome Empire 1 Phome Empire Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/.
CVE-2009-2254 1 Zen-cart 1 Zen Cart 2026-06-16 7.5 HIGH N/A
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue.
CVE-2009-2243 1 Aaronoutpost 1 Asp Inline Corporate Calendar 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2242 1 Aaronoutpost 1 Asp Inline Corporate Calendar 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVE-2009-2239 1 Joomla 4 Com Casiino Blackjack, Com Casino Videopoker, Com Casinobase and 1 more 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2009-2236 1 Yourarticlesdirectory 1 Your Articles Directory 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-2235 1 Yourarticlesdirectory 1 Your Articles Directory 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2234 1 Vicidial 1 Call Center Suite 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW).
CVE-2009-2232 1 Softbizscripts 1 Banner Ad Management Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2230 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
CVE-2009-2209 1 Rs-cms 1 Rs-cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2009-2179 1 W2b 1 Phpdatingclub 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter.
CVE-2009-2167 1 Egyplus 1 7ammel 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
CVE-2009-2164 1 Kjtechforce 1 Mailman 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.
CVE-2009-2157 1 Torrenttrader 1 Torrenttrader Classic 2026-06-16 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php; (4) the choice parameter to index.php; (5) the id parameter to modrules.php in an edited (aka edit) action; the (6) user, (7) torrent, (8) forumid, and (9) forumpost parameters to report.php; (10) the delmp parameter to take-deletepm.php; (11) the delreport parameter to takedelreport.php; (12) the delreq parameter to takedelreq.php; (13) the clases parameter to takestaffmess.php; and (14) the warndisable parameter to takewarndisable.php; and allow remote attackers to execute arbitrary SQL commands via (15) the wherecatin parameter to browse.php, (16) the limit parameter to today.php, and (17) the where parameter to torrents-details.php.
CVE-2009-2154 1 Sappy.dk 1 Impleo Music Collection 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-2152 1 Isabela Gasparini 1 Adaptweb 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action.