Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Total 9311 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4922 1 Allinta 1 Allinta Cms 2018-10-10 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow remote attackers to execute arbitrary SQL commands via the i parameter in an edit action to (1) contentAE.asp or (2) templatesAE.asp.
CVE-2010-4906 1 Zenphoto 1 Zenphoto 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-4941 2 Joomla, Joomlamo 2 Joomla\!, Com Teams 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
CVE-2010-4903 1 Cubecart 1 Cubecart 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.
CVE-2010-4926 2 Joomla, Timetrack 2 Joomla\!, Com Timetrack 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
CVE-2010-4870 1 Bloofox 1 Bloofoxcms 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
CVE-2010-4865 2 Harmistechnology, Joomla 2 Com Jeguestbook, Joomla\! 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
CVE-2010-4937 2 Joomla, Robitbt 2 Joomla\!, Com Amblog 2018-10-10 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.
CVE-2010-4363 1 Mrcgiguy 1 Freeticket 2018-10-10 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) email parameters in a showtickets action.
CVE-2010-4784 1 Phpwebscripts 1 Easy Banner Free 2018-10-10 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2010-4298 1 Dustincowell 1 Free Simple Software 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.
CVE-2010-4899 1 Webmanager-pro 1 Cms Webmanager-pro 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4958 1 Pradoportal 1 Prado Portal 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2010-4152 1 4site 1 4site Cms 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646.
CVE-2010-4185 1 Energine 1 Energine 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie.
CVE-2010-4280 1 Artica 1 Pandora Fms 2018-10-10 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php.
CVE-2010-4151 1 Deluxebb 1 Deluxebb 2018-10-10 6.8 MEDIUM N/A
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.
CVE-2010-4006 2 Wsn, Wsnlinks 3 Links, Wsn Links, Wsn Links 2018-10-10 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
CVE-2010-3267 1 Ifdefined 1 Bugtracker.net 2018-10-10 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information.
CVE-2010-3188 1 Ifdefined 1 Bugtracker.net 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via a custom field to the search page.