Vulnerabilities (CVE)

Filtered by CWE-89
Total 19555 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1850 1 Benjamin Curtis 1 Phpbugtracker 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2009-1848 2 Joomla, Joomlame 2 Joomla, Com Agoragroup 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php.
CVE-2009-1843 1 Glenn Mcgurrin 1 Flash Quiz 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php; and the (2) order_number parameter to (g) answers.php and (h) question.php.
CVE-2009-1842 1 Phpnuke 1 Php-nuke 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
CVE-2009-1819 1 2daybiz 1 Custom T-shirt Design Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1818 1 Maxcms 1 Maxcms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an m_username cookie in an add action.
CVE-2009-1816 1 Mygamescript 1 My Game Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information.
CVE-2009-1814 1 Jevontech 1 Phpenpals 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.
CVE-2009-1813 1 Submitterscript 1 Submitterscript 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field).
CVE-2009-1812 1 Collector 1 Mygesuad 2026-06-16 6.0 MEDIUM N/A
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php.
CVE-2009-1810 1 Collector 1 Mycolex 2026-06-16 6.0 MEDIUM N/A
Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php.
CVE-2009-1804 1 Videoscript 1 Youtube Video Script 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-1799 1 Sebastian-thiele 1 St-gallery 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php.
CVE-2009-1787 1 Phpdirsubmit 1 Php Dir Submit 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters.
CVE-2009-1778 1 Bigace 1 Bigace Cms 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2009-1766 1 Teozkr 1 Lightopencms 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1764 1 Bokecc 1 Maxcms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action.
CVE-2009-1751 1 Realtywebware 1 Realty Web-base 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1747 1 26thavenue 1 Bspeak 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action.
CVE-2009-1746 1 Diangemilang 1 Dgnews 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.