Vulnerabilities (CVE)

Filtered by CWE-89
Total 19556 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2009-2147 | 1 Phpwebthings | 1 Phpwebthings | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2144 | 3 Edgewall, Firestats, Wordpress | 3 Firestats, Firestats, Wordpress | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2142 | 1 Zipstore | 1 Zip Store Chat | 2026-06-16 | 7.5 HIGH | N/A
Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters.
CVE-2009-2128 | 1 Elvinbts | 1 Elvinbts | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title (aka subject) field.
CVE-2009-2123 | 1 Elvinbts | 1 Elvinbts | 2026-06-16 | 7.5 HIGH | N/A
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2.
CVE-2009-2122 | 2 Paolo Palmonari, Wordpress | 2 Photoracer Plugin For Wordpress, Wordpress | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2120 | 1 Tekbase | 1 Tekbase All-in-one | 2026-06-16 | 6.5 MEDIUM | N/A
Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) ids parameter to admin.php, the (2) y parameter to members.php, and other unspecified vectors. NOTE: vector 1 requires administrative access.
CVE-2009-2113 | 1 Fretsweb Project | 1 Fretsweb | 2026-06-16 | 7.5 HIGH | N/A
Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.
CVE-2009-2106 | 2 Projektseminar Proservice Wwu, Typo3 | 2 Virtual Civil Services, Typo3 | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2105 | 1 Kasper Skrhj | 1 References Database | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2103 | 2 Steve Grundell, Typo3 | 2 Frontend Mp3 Player, Typo3 | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2102 | 2 Com Jumi, Joomla | 2 Com Jumi, Joomla | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php.
CVE-2009-2099 | 2 Ijoomla, Joomla | 2 Com Rssfeeder, Joomla | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.
CVE-2009-2098 | 1 Micheal Glazer | 1 Phportal | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in topicler.php in phPortal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-2097 | 1 Zokisoft | 1 Zoki Catalog | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-2096 | 1 David Degner | 1 Phpcollegeexchange | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter.
CVE-2009-2093 | 1 Ibm | 1 Websphere Partner Gateway | 2026-06-16 | 6.5 MEDIUM | N/A
SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-2082 | 1 Creative Web Solutions | 1 Multi-level Cms | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in insidepage.php in Creative Web Solutions Multi-Level CMS 1.21 allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-2036 | 1 Geekbill | 1 Open Biller | 2026-06-16 | 7.5 HIGH | N/A
SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-2034 | 1 Ricardo Alexandre De Oliveira Staudt | 1 Yogurt | 2026-06-16 | 6.0 MEDIUM | N/A
SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter.