Vulnerabilities (CVE)

Filtered by CWE-89
Total 19527 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-0110 1 Riotpix 1 Riotpix 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2009-0109 1 Riotpix 1 Riotpix 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-0106 1 Phpauctions 1 Phpauctions 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2009-0104 1 Se-ed 1 Ezpack 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action.
CVE-2008-7302 2 Joomla, Netshinesoftware 2 Joomla\!, Com Netinvoice 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."
CVE-2008-7301 1 Sclek 1 Jsite 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-7267 1 Boka 1 Siteengine 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-7226 2 Php-nuke, Phpnuke 2 Recipe Module, Php-nuke 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.
CVE-2008-7210 1 Ming Han 1 Ajchat 2026-06-16 7.5 HIGH N/A
directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL injection attacks via a numeric parameter with a value matching the s parameter's hash value, which prevents the associated $_GET["s"] variable from being unset. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in AJChat.
CVE-2008-7208 1 Insane Visions 1 Onecms 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php.
CVE-2008-7169 2 Jabode, Joomla 2 Com Jabode, Joomla\! 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.
CVE-2008-7153 1 Docebo 1 Docebo 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.
CVE-2008-7145 1 Coronamatrix 1 Phpaddressbook 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters.
CVE-2008-7120 1 Mrcgiguy 1 Hot Links Sql-php 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.
CVE-2008-7119 1 Webidsupport 1 Webid 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-7116 1 Webidsupport 1 Webid 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.
CVE-2008-7114 1 Ifusionservices 1 Ifdate 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the name field.
CVE-2008-7097 1 Qsoft-inc 1 K-rate 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified variables in modules/chat.php, as demonstrated via the (a) show parameter in an online action to index.php; (b) PATH_INTO to the room/ handler; (c) image and (d) id parameters in a vote action to index.php; (e) PATH_INFO to the blog/ handler; and (f) id parameter in a blog_edit action to index.php.
CVE-2008-7091 1 Pligg 1 Pligg Cms 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
CVE-2008-7085 1 Thehockeystop 1 Hockeystats Online 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php.