Filtered by CWE-89
Filtered by vendor Subscriptions
Total 18709 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-6091 1 Jiro 1 Banner System 2025-04-09 N/A
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field.
CVE-2009-1317 1 Aquacms 1 Aqua Cms 2025-04-09 N/A
Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userSID cookie parameter to droplets/functions/base.php and the (2) username parameter to admin/index.php.
CVE-2009-3443 2 Fastballproductions, Joomla 2 Com Fastball, Joomla 2025-04-09 N/A
SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php.
CVE-2008-5097 1 Myfwb 1 Myfwb 2025-04-09 N/A
SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2008-2453 1 Phpclassifiedsscript 1 Php Classifieds Script 2025-04-09 N/A
Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php.
CVE-2007-6128 1 Flor De Utopia 1 Workingonweb 2025-04-09 N/A
SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.
CVE-2009-3203 1 Ajsquare 1 Aj Auction Pro-oopd 2025-04-09 N/A
SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-1911 1 1024 Cms 1 1024 Cms 2025-04-09 N/A
SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie.
CVE-2009-1038 1 Yap 1 Yap Blog 2025-04-09 N/A
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.
CVE-2008-1890 2 Azrul, Joomla 2 Jom Comment, Joomla 2025-04-09 N/A
SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6158 1 Proverbs 1 Proverbs Web Calendar 2025-04-09 N/A
Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.
CVE-2008-3254 1 Precoc 1 Precms 2025-04-09 N/A
SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action.
CVE-2008-3419 1 Greatclone 1 Youtuber Clone 2025-04-09 N/A
SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter.
CVE-2009-1468 1 Icewarp 2 Email Server, Webmail Server 2025-04-09 N/A
Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.
CVE-2008-6873 1 Activewebsoftwares 1 Active Web Mail 2025-04-09 N/A
SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx.
CVE-2008-6874 1 Aspsiteware 1 Autodealer 2025-04-09 N/A
Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp.
CVE-2008-1847 1 Coronamatrix 1 Phpaddressbook 2025-04-09 N/A
SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3758 1 Citrix 1 Xencenterweb 2025-04-09 N/A
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-6217 1 Irola 1 My-time 2025-04-09 N/A
Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-3913 1 Xerox 1 Fiery Webtools 2025-04-09 N/A
SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter.