Vulnerabilities (CVE)

Filtered by CWE-89
Total 19448 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4651 1 Jetbox 1 Jetbox Cms 2026-06-16 6.0 MEDIUM N/A
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php.
CVE-2008-4650 1 Mywebland 1 Myevent 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.
CVE-2008-4647 1 Sweetcms 1 Sweetcms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2008-4643 1 Mywebland 1 Mystats 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
CVE-2008-4642 1 Astrospaces 1 Astrospaces 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
CVE-2008-4633 1 Drupal 2 Drupal, Node Clone 2026-06-16 6.0 MEDIUM N/A
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."
CVE-2008-4628 1 Mywebland 1 Minibloggie 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
CVE-2008-4627 2 Rgallery, Woltlab 2 Rgallery Plugin, Woltlab Burning Board 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.
CVE-2008-4625 2 Shiftthis, Wordpress 2 Shifthis Newsletter, Wordpress 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.
CVE-2008-4623 2 Joomla, Martin Diphoorn 2 Joomla, Com Ds-syndicate 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
CVE-2008-4621 1 Zeescripts 1 Zeeproperty 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter.
CVE-2008-4620 1 Mrbs 1 Mrbs 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
CVE-2008-4617 3 Joomla, Mambo-foundation, Pyxicom 3 Joomla, Mambo, Actualite 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4613 1 Portalapp 1 Portalapp 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
CVE-2008-4611 1 Php Arsivimiz 1 Php Ziyaretci Defteri 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
CVE-2008-4606 1 Ip Reg 1 Ip Reg 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already covered by CVE-2007-6579.
CVE-2008-4605 1 Cafeengine 1 Easycafeengine 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php.
CVE-2008-4604 1 Cafeengine 1 Easycafeengine 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
CVE-2008-4603 1 Igaming 1 Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action.
CVE-2008-4599 1 Mosaic Commerce 1 Mosaic Commerce 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter.