Vulnerabilities (CVE)

Filtered by CWE-89
Total 19524 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6950 1 Webhost-panel 1 Bankoi Webhosting Control Panel 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
CVE-2008-6941 1 Turnkeyforms 1 Web Hosting Directory 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.
CVE-2008-6923 1 Joomla 2 Com Content, Joomla 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php.
CVE-2008-6917 1 Exoscripts 1 Exophpdesk 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter).
CVE-2008-6911 1 Brewblogger 1 Brewblogger 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in the authenticateUser function in includes/authentication.inc.php in BrewBlogger (BB) 2.1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginUsername parameter to includes/logincheck.inc.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6907 1 2532gigs 1 2532gigs 2026-06-16 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php.
CVE-2008-6892 1 Peel 1 Peel 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572.
CVE-2008-6890 1 Codetoad 1 Asp Forum Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the message_id parameter.
CVE-2008-6889 1 Activewebsoftwares 1 Aspreferral 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
CVE-2008-6887 1 Preprojects 1 Pre Classified Listings 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
CVE-2008-6883 2 Joomla, Joompolitan 2 Joomla, Com Livechat 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6881 2 Joomla, Joompolitan 2 Joomla\!, Com Livechat 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.
CVE-2008-6880 1 Easysitenetwork 1 Jokes Complete Website 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes Website allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6875 1 Humayun Shabbir Bhutta 1 Asp Product Catalog 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220.
CVE-2008-6874 1 Aspsiteware 1 Autodealer 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp.
CVE-2008-6873 1 Activewebsoftwares 1 Active Web Mail 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx.
CVE-2008-6867 1 Scripts For Sites 1 Ez Career 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in content.php in Scripts For Sites (SFS) EZ Career allows remote attackers to execute arbitrary SQL commands via the topic parameter.
CVE-2008-6866 1 Php-nuke 1 Current Issue Module 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action.
CVE-2008-6865 2 Php-nuke, Phpnuke 2 Sections Module, Php-nuke 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action.
CVE-2008-6853 1 Netcat 1 Netcat 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter.