Vulnerabilities (CVE)

CWE filter

CWE-89

Filter

5692 total CVE
CVE Vendors Products Updated CVSS
CVE-2008-0651 1 Pedro Santana Codice 1 Cms 2008-09-05 7.5
SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2008-0650 1 Simple Os Cms 1 Simple Os Cms 2008-09-05 7.5
SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2007-6484 1 Phprpg 1 Phprpg 2008-09-05 6.8
SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2007-6469 1 Phprpg 1 Phprpg 2008-09-05 9.3
SQL injection vulnerability in index.php in phpRPG 0.8, when magic_qutoes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-6380 1 E-xoops 1 E-xoops 2008-09-05 7.5
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c)...
CVE-2007-6032 1 Aleris 1 Web Publishing Server 2008-09-05 7.5
SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter.
CVE-2004-2754 1 Yabb 1 Yabb Se 2008-09-05 7.5
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
CVE-2003-1520 1 Fuzzymonkey 1 Myclassifieds 2008-09-05 6.8
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
CVE-2003-1244 1 Phpbb Group 1 Phpbb 2008-09-05 7.5
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
CVE-2002-2391 2 Webchat.org, Xoops 2 Xoops, Webchat 2008-09-05 7.5
SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
CVE-2002-0999 1 Care 2002 1 Care 2002 2008-09-05 7.5
Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations.
CVE-2007-3652 1 Fascript 1 Faname 2008-09-05 6.8
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.