CWE-74: Injection

This CVE describes a command injection vulnerability in D-Link DCS700l IP cameras running firmware version 1.03.09. Attackers can remotely execute arb...

This vulnerability allows remote attackers to execute arbitrary commands on Bastillion systems through command injection in the System Management Modu...

This CVE describes a command injection vulnerability in Bastillion's Public Key Management System that allows remote attackers to execute arbitrary co...

This CVE describes a SQL injection vulnerability in code-projects Intern Membership Management System 1.0. Attackers can exploit the activity_id param...

This SQL injection vulnerability in Intern Membership Management System 1.0 allows attackers to manipulate database queries through the Username param...

This SQL injection vulnerability in Intern Membership Management System 1.0 allows attackers to manipulate database queries through the activity_id pa...

This SQL injection vulnerability in Intern Membership Management System 1.0 allows remote attackers to manipulate database queries via the admin_id pa...

This CVE describes a SQL injection vulnerability in code-projects Intern Membership Management System 1.0. Attackers can remotely exploit the /intern/...

This SQL injection vulnerability in CRMEB allows attackers to manipulate database queries through the cate_id parameter in the product export endpoint...

This SQL injection vulnerability in CRMEB allows attackers to manipulate database queries through the cate_id parameter in the product export endpoint...

This CVE describes a SQL injection vulnerability in the User Handler component of PKrystian Full-Stack-Bank. Attackers can remotely exploit this vulne...

This vulnerability allows remote attackers to execute arbitrary code on iCMS systems through code injection in the configuration parameter handler. At...

This vulnerability allows remote attackers to execute SQL injection attacks against BiggiDroid Simple PHP CMS 1.0 by manipulating the ID parameter in ...

CVE-2025-15148 is a code injection vulnerability in CmsEasy's backend template management that allows attackers to execute arbitrary code by manipulat...

This SQL injection vulnerability in EyouCMS allows attackers to manipulate database queries through the backend template management component. It affe...

This vulnerability allows remote attackers to execute arbitrary code through the addPost function in SyCms's administrative panel. It affects all vers...

This vulnerability allows remote attackers to execute SQL injection attacks against SeaCMS versions up to 13.3 through manipulation of the e_id parame...

This SQL injection vulnerability in FastAdmin's Backend Controller allows attackers to execute arbitrary SQL commands by manipulating the custom/searc...

This SQL injection vulnerability in Online Appointment Booking System 1.0 allows attackers to manipulate database queries through the managername para...

This SQL injection vulnerability in CodeAstro Real Estate Management System 1.0 allows attackers to manipulate database queries through the /admin/sta...

CVE-2025-14900 is an SQL injection vulnerability in CodeAstro Real Estate Management System 1.0 that allows attackers to manipulate database queries v...

CVE-2025-14898 is an SQL injection vulnerability in CodeAstro Real Estate Management System 1.0 that allows attackers to execute arbitrary SQL command...

This SQL injection vulnerability in CodeAstro Real Estate Management System 1.0 allows attackers to execute arbitrary SQL commands via the /admin/user...

This vulnerability in ZZCMS 2025 allows remote attackers to inject malicious code through the 'icp' parameter in the backend site configuration module...

This vulnerability allows remote attackers to execute arbitrary code on CTCMS Content Management System installations through code injection in the ba...

This vulnerability allows remote attackers to execute arbitrary code on CTCMS Content Management System installations up to version 2.1.2. The flaw ex...

This CVE describes a SQL injection vulnerability in ketr JEPaaS versions up to 7.2.8. Attackers can remotely exploit the readAllPostil function by man...

This vulnerability allows remote attackers to execute arbitrary commands on DedeBIZ systems through command injection in the catalog_add.php file. Att...

This CSV injection vulnerability in SourceCodester Inventory Management System 1.0 allows attackers to inject malicious formulas into exported CSV fil...

This vulnerability allows remote attackers to execute SQL injection attacks against AMTT Hotel Broadband Operation System 1.0 by manipulating the ID p...

This SQL injection vulnerability in JIZHICMS allows remote attackers to manipulate database queries through the aid/tid parameters in the comment func...

This SQL injection vulnerability in JIZHICMS allows attackers to execute arbitrary SQL commands through the batch comment deletion functionality. Atta...

This SQL injection vulnerability in SourceCodester Online Student Clearance System 1.0 allows attackers to manipulate database queries through the pas...

Campcodes Supplier Management System 1.0 contains a SQL injection vulnerability in the /admin/add_product.php file via the txtProductName parameter. T...

CVE-2025-13302 is an SQL injection vulnerability in code-projects Courier Management System 1.0 that allows attackers to manipulate database queries t...

CVE-2025-13075 is an SQL injection vulnerability in Responsive Hotel Site 1.0's admin/usersettingdel.php file that allows attackers to manipulate data...

CVE-2025-13076 is an SQL injection vulnerability in Responsive Hotel Site 1.0 that allows remote attackers to execute arbitrary SQL commands via the '...

This SQL injection vulnerability in SourceCodester Baby Care System 1.0 allows attackers to manipulate database queries through the msgid parameter in...

This SQL injection vulnerability in aaPanel BaoTa's backend allows attackers to manipulate database queries through the /database?action=GetDatabaseAc...

CVE-2025-12913 is a SQL injection vulnerability in Responsive Hotel Site 1.0 that allows remote attackers to manipulate database queries through the I...

This SQL injection vulnerability in Campcodes School File Management 1.0 allows attackers to manipulate database queries through the user_id parameter...

This CVE describes an SQL injection vulnerability in DedeBIZ content management system. Attackers can manipulate the 'orderby' parameter in /admin/fre...

This vulnerability allows remote attackers to execute SQL injection attacks against DedeBIZ content management systems through the /admin/templets_one...

CVE-2025-12855 is an SQL injection vulnerability in Responsive Hotel Site 1.0's newsletterdel.php admin file. Attackers can manipulate the 'eid' param...

CVE-2025-12856 is a SQL injection vulnerability in Responsive Hotel Site 1.0's reservation.php admin endpoint. Attackers can manipulate the email para...

CVE-2025-12857 is an SQL injection vulnerability in Responsive Hotel Site 1.0's roombook.php admin file that allows attackers to manipulate database q...

This SQL injection vulnerability in SourceCodester Best House Rental Management System 1.0 allows attackers to manipulate database queries through the...

CodeAstro Gym Management System 1.0 contains a SQL injection vulnerability in the /admin/view-progress-report.php file through manipulation of the ID ...

This SQL injection vulnerability in Simple Online Hotel Reservation System 2.0 allows attackers to manipulate database queries through the Name parame...

This vulnerability is an SQL injection flaw in the Food Ordering System 1.0 by code-projects, specifically in the /admin/deleteitem.php file via the i...