CWE-89: SQL Injection
The product constructs all or part of an SQL command using externally-influenced input, but does not neutralize special elements that could modify the intended SQL command.
[Charts: Yearly Trend; Top Affected Vendors]
All SQL Injection CVEs (4,419)
Feb 3, 2026: An unauthenticated SQL injection vulnerability in Fikir Odalari AdminPando 1.0.1 allows attackers to bypass authentication completely. Successful expl...
Jan 28, 2026: CVE-2025-57792 is a critical SQL injection vulnerability in Explorance Blue software that allows unauthenticated attackers to execute arbitrary SQL co...
Jan 12, 2026: This critical SQL injection vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on internet-exposed services. Successful ...
Dec 1, 2025: This SQL injection vulnerability in Blood Bank Management System 1.0 allows attackers to bypass authentication by injecting malicious SQL code through...
Nov 7, 2025: Multiple SQL injection vulnerabilities in the ycf1998 money-pos system allow remote attackers to execute arbitrary SQL commands via the orderby parame...
Aug 19, 2025: Saurus CMS Community Edition 4.7.1 contains a critical SQL injection vulnerability in the DB::prepare() function due to improper use of preg_replace()...
Aug 5, 2025: This SQL injection vulnerability in ADOdb allows attackers to execute arbitrary SQL commands when applications connect to SQLite3 databases and call m...
Jul 22, 2025: This SQL injection vulnerability in Rolantis Agentis allows attackers to execute arbitrary SQL commands through unvalidated user input. It affects all...
May 1, 2025: This is a critical SQL injection vulnerability in ADOdb PHP database library affecting PostgreSQL connections. Attackers can execute arbitrary SQL sta...
Mar 20, 2025: DESCOR INFOCAD versions 3.5.1 and earlier contain a SQL injection vulnerability that allows attackers to execute arbitrary SQL commands on the databas...
Mar 12, 2025: This SQL injection vulnerability in Koha library management software allows attackers to execute arbitrary SQL commands via the supplierid or serialid...
Feb 14, 2025: This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows attackers to execute arbitrary SQL commands on the d...
Dec 13, 2024: This SQL injection vulnerability in the TAX SERVICE Electronic HDM WordPress plugin allows attackers to execute arbitrary SQL commands on the database...
Sep 12, 2024: This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites using the LearnPress plugin. Attackers can ext...
Aug 21, 2024: The Woo Inquiry WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries. This ...
Jul 9, 2024: This is an unauthenticated SQL injection vulnerability in the WordPress WishList Member X plugin. Attackers can execute arbitrary SQL queries on affec...
Jun 20, 2024: This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites using the WP Hotel Booking plugin. By manipula...
Jun 13, 2024: The Dokan Pro WordPress plugin contains an unauthenticated SQL injection vulnerability in the 'code' parameter. Attackers can exploit this to execute ...
Jun 10, 2024: This is a critical SQL injection vulnerability in SuiteCRM that allows attackers to execute arbitrary SQL commands through the events response entry p...
May 15, 2024: This CVE describes a SQL injection vulnerability in the Amazon JDBC Driver for Redshift when using the unsupported 'preferQueryMode=simple' connection...
Mar 1, 2024: This SQL injection vulnerability in parse-server allows attackers to execute arbitrary SQL commands when the server is configured with PostgreSQL. It ...
Feb 19, 2024: This SQL injection vulnerability in the PostgreSQL JDBC Driver (pgjdbc) allows attackers to bypass parameterized query protections when using PreferQu...
Oct 13, 2023: This SQL injection vulnerability in QNAP Video Station allows authenticated attackers to execute arbitrary SQL commands via network requests. It affec...
Oct 10, 2023: Election Services Co. Internet Election Service has multiple SQL injection vulnerabilities that allow unauthenticated remote attackers to read or modi...
Aug 4, 2023: This CVE describes a critical SQL injection vulnerability in the social-media-skeleton project that allows UNION-based injections, which can lead to r...
Feb 22, 2023: CVE-2023-25813 is a critical SQL injection vulnerability in Sequelize ORM for Node.js where user-provided parameters passed through replacements are n...
Oct 26, 2022: CVE-2022-2421 is a critical vulnerability in the Socket.io JavaScript library that allows attackers to inject malicious function references into query...
Mar 23, 2022: This vulnerability allows unauthenticated remote attackers to execute arbitrary SQL statements against Rockwell Automation FactoryTalk AssetCentre dat...
Mar 23, 2022: This critical vulnerability in Rockwell Automation FactoryTalk AssetCentre allows remote, unauthenticated attackers to execute arbitrary SQL statement...
Mar 23, 2022: This critical vulnerability in Rockwell Automation FactoryTalk AssetCentre allows remote, unauthenticated attackers to execute arbitrary SQL statement...
Jan 4, 2022: CVE-2022-21643 is a critical SQL injection vulnerability in USOC CMS that allows attackers to execute arbitrary SQL commands through the registration ...
Dec 15, 2021: CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows remote attackers to execute arbitrary code on affec...
Dec 15, 2021: CVE-2021-42313 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows remote attackers to execute arbitrary code on affec...
Jan 14, 2021: This critical SQL injection vulnerability in Dell EMC Avamar Server's Fitness Analyzer allows remote unauthenticated attackers to execute arbitrary SQ...
Feb 25, 2026: OpenEMR versions before 8.0.0 contain an SQL injection vulnerability in the Patient REST API endpoint that allows authenticated users with API access ...
Jun 29, 2025: Multiple authenticated SQL injection vulnerabilities in UISP Application version 2.4.206 and earlier allow attackers with low-privilege accounts to ex...
Dec 23, 2024: An SQL injection vulnerability in Apache Traffic Control's Traffic Ops component allows authenticated users with specific privileged roles (admin, fed...
Nov 27, 2024: This CVE describes an SQL injection vulnerability in Zabbix's CUser class that allows non-admin users with API access to execute arbitrary SQL queries...
Oct 31, 2024: ZoneMinder versions 1.37.64 and earlier contain a boolean-based SQL injection vulnerability in the event.php component. This allows attackers to execu...
Sep 25, 2024: This SQL injection vulnerability in the Daily Prayer Time WordPress plugin allows authenticated attackers with Contributor-level access or higher to e...
Sep 25, 2024: This SQL injection vulnerability in the WP Easy Gallery WordPress plugin allows authenticated attackers with subscriber-level access or higher to exec...
Sep 24, 2024: This SQL injection vulnerability in the MDTF WordPress plugin allows authenticated attackers with Contributor-level access or higher to inject malicio...
Jul 9, 2024: This SQL injection vulnerability in the OSM OpenStreetMap WordPress plugin allows authenticated attackers with contributor-level access or higher to i...
Jun 11, 2024: This SQL injection vulnerability in the Blog2Social WordPress plugin allows authenticated attackers with subscriber-level access or higher to inject m...
Jun 7, 2024: This SQL injection vulnerability in the Quiz And Survey Master WordPress plugin allows authenticated attackers with contributor-level access or higher...
Jun 6, 2024: This SQL injection vulnerability in SysAid allows attackers to execute arbitrary SQL commands on the database. It affects organizations using vulnerab...
Jun 1, 2024: This SQL injection vulnerability in the wpForo Forum WordPress plugin allows authenticated attackers with contributor-level access or higher to inject...
Mar 21, 2024: This CVE describes an unauthenticated SQL injection vulnerability in the WordPress Automatic plugin (ValvePress Automatic). Attackers can execute arbi...
Nov 9, 2023: This is a critical SQL injection vulnerability in Spiceworks Help Desk Server that allows authenticated attackers to execute arbitrary SQL commands vi...
Oct 13, 2023: CVE-2023-45162 is a blind SQL injection vulnerability in 1E Platform that allows attackers to execute arbitrary SQL commands, potentially leading to r...
About SQL Injection (CWE-89)
Our database tracks 4,419 CVEs classified as CWE-89, with 1,893 rated critical and 1,875 rated high severity. The average CVSS score for SQL Injection vulnerabilities is 8.4.
External reference: CWE-89 on MITRE CWE, https://cwe.mitre.org/data/definitions/89.html