Vulnerabilities (CVE)

Filtered by CWE-89
Total 19555 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1742 1 Pc4arb 1 Pc4 Uploader 2026-06-16 7.5 HIGH N/A
code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.
CVE-2009-1741 1 Dutchmonkey 1 Dm Filemanager 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
CVE-2009-1736 1 Joomla 2 Com Gsticketsystem, Joomla\! 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.
CVE-2009-1734 1 Omnisoftsol 1 Vidsharepro 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2009-1731 1 Mlffat 1 Mlffat 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie.
CVE-2009-1662 1 Recipescript 1 Recipe Script 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php.
CVE-2009-1661 1 Anoldman 1 Utopic 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.
CVE-2009-1658 1 Realtywebware 1 Realty Web-base 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-1657 1 B2evolution 2 B2evolution, Starrating Plugin 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-1655 1 Easy-scripts 1 Answer And Question Script 2026-06-16 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password.
CVE-2009-1651 1 2daybiz 1 Business Community Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2009-1650 1 Tenfourzero 1 Shutter 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html.
CVE-2009-1626 1 Will Kraft 1 Ez-blog 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2009-1622 1 Ecshop 1 Ecshop 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action.
CVE-2009-1613 1 Gowondesigns 1 Leap 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter.
CVE-2009-1585 1 R020 1 Tematres 2026-06-16 4.4 MEDIUM N/A
Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1584 1 R020 1 Tematres 2026-06-16 6.0 MEDIUM N/A
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.
CVE-2009-1548 1 Qsix 1 Blusky Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action.
CVE-2009-1509 1 Myiosoft 1 Ajaxportal 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2009-1508 1 Keir Davis 1 X-forum 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php.