Vulnerabilities (CVE)

Filtered by CWE-89
Total 19540 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1065 1 Getpixie 1 Pixie Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1049 1 Kamads 1 Bloginator 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-1038 1 Yap 1 Yap Blog 2026-06-16 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.
CVE-2009-1034 1 Drupal 1 Tasklist 2026-06-16 10.0 HIGH N/A
SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.
CVE-2009-1033 1 Deluxebb 1 Deluxebb 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503.
CVE-2009-1032 1 Yabsoft 1 Advanced Image Hosting Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter.
CVE-2009-1027 1 Opencart 1 Opencart 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVE-2009-1026 1 Kimwebsites 1 Kim Websites 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2009-1024 1 Beerwin 1 Phplinkadmin 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors.
CVE-2009-1023 1 Phpcomasy 1 Phpcomasy 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
CVE-2009-0968 2 Fahlstad, Wordpress 2 Fmoblog Plugin, Wordpress 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-0965 1 Ismail Fahmi 1 Ganesha Digital Library 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php.
CVE-2009-0963 1 Xlinesoft 1 Phprunner 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.
CVE-2009-0883 1 Amunak 1 Blue Eye Cms 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter.
CVE-2009-0882 1 Roman Bogorodskiy 1 Nforum 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php.
CVE-2009-0881 1 Josema Enzo 1 Isiajax 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0863 1 Matteoiammarrone 1 S-cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-0851 1 Stewart Howe 1 Celerbb 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php.
CVE-2009-0832 2 Ausimods, Php-fusion 2 E-cart, Php-fusion 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter.
CVE-2009-0831 1 Php-fusion 2 Members Cv Module, Php-fusion 2026-06-16 6.0 MEDIUM N/A
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.