CWE-89: SQL Injection

This SQL injection vulnerability in Hotel Management System allows attackers to execute arbitrary SQL commands through the book_id parameter in admin_...

This SQL injection vulnerability in the Chatbot with ChatGPT WordPress plugin allows unauthenticated attackers to execute arbitrary SQL commands by su...

CVE-2024-42843 is a critical SQL injection vulnerability in Projectworlds Online Examination System v1.0 that allows attackers to execute arbitrary SQ...

This critical SQL injection vulnerability in Dr.ID Access Control System allows unauthenticated attackers to execute arbitrary SQL commands remotely. ...

ZoneMinder CCTV software contains a time-based SQL injection vulnerability (CWE-89) that allows attackers to execute arbitrary SQL commands by manipul...

A SQL injection vulnerability in Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands via the email or pass...

This SQL injection vulnerability in PHPGurukul Old Age Home Management System allows attackers to execute arbitrary SQL commands through the forgot pa...

This SQL injection vulnerability in Kashipara Responsive School Management System allows attackers to execute arbitrary SQL commands through the teach...

This vulnerability allows SQL injection through the id parameter in classes/Master.php in SourceCodester Computer Laboratory Management System 1.0. At...

This SQL injection vulnerability in Janobe products allows attackers to execute arbitrary SQL queries through the 'Users' parameter in '/report/printl...

A critical SQL injection vulnerability in the PayPal, Credit Card and Debit Card Payment module allows attackers to execute arbitrary SQL queries thro...

A critical SQL injection vulnerability in Janobe products' payment module allows attackers to execute arbitrary SQL queries through the '/report/event...

A critical SQL injection vulnerability exists in the PayPal, Credit Card and Debit Card Payment module version 1.0, allowing attackers to execute arbi...

This is a critical SQL injection vulnerability in the payment module affecting version 1.0 of unspecified Janobe products. Attackers can exploit it to...

This SQL injection vulnerability in a payment module allows attackers to execute arbitrary SQL queries through the 'Attendance' and 'YearLevel' parame...

This is a critical SQL injection vulnerability in a payment processing component that allows attackers to execute arbitrary SQL queries. Attackers can...

This CVE describes a critical SQL injection vulnerability in a payment module, allowing attackers to execute arbitrary SQL queries via a crafted 'code...

This SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment version 1.0 allows attackers to execute arbitrary SQL queries through t...

This SQL injection vulnerability in E-Negosyo System version 1.0 allows attackers to execute arbitrary SQL commands through the '/admin/orders/control...

This SQL injection vulnerability in PuneethReddyHC Online Shopping System Advanced v1.0 allows attackers to execute arbitrary SQL commands through the...

This SQL injection vulnerability in Caterease software allows remote attackers to execute arbitrary SQL commands on affected systems. All organization...

This SQL injection vulnerability in Mikafon MA7 devices allows attackers to execute arbitrary SQL commands on the database. It affects Mikafon MA7 dev...

This SQL injection vulnerability in SiberianCMS allows attackers to execute arbitrary SQL commands on the database. It affects all SiberianCMS install...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the WpStickyBar plugin. Attackers can p...

This SQL injection vulnerability in Lost and Found Information System 1.0 allows remote attackers to execute arbitrary SQL commands via the id paramet...

CVE-2024-7202 is a critical SQL injection vulnerability in Simopro Technology's WinMatrix3 Web package that allows unauthenticated remote attackers to...

CVE-2024-7201 is a critical SQL injection vulnerability in the WinMatrix3 Web package from Simopro Technology. Unauthenticated remote attackers can ex...

This is a critical SQL injection vulnerability in R-HUB TurboMeeting's Virtual Meeting Password endpoint that allows unauthenticated remote attackers ...

CampCodes Supplier Management System v1.0 contains a SQL injection vulnerability in the admin view_order_items.php endpoint that allows attackers to e...

This SQL injection vulnerability in the Hospital Management System Project in ASP.Net MVC allows remote attackers to execute arbitrary SQL commands vi...

CVE-2024-39250 is an unauthenticated SQL injection vulnerability in EfroTech Timetrax v8.3 that allows attackers to execute arbitrary SQL commands via...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the PayPlus Payment Gateway plugin befo...

This SQL injection vulnerability in Universal Software Inc.'s FlexWater Corporate Water Management allows attackers to execute arbitrary SQL commands ...

CVE-2024-39907 is a critical SQL injection vulnerability in 1Panel, a web-based Linux server management control panel. The vulnerability allows attack...

ThinkSAAS v3.7.0 contains a SQL injection vulnerability in the name parameter at \system\action\update.php. This allows attackers to execute arbitrary...

This CVE describes a SQL injection vulnerability in the Pharmacy/Medical Store Point of Sale System version 1.0. Attackers can inject malicious SQL co...

This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks through the 'woof_author' parameter in the HUSKY – P...

This critical SQL injection vulnerability in AguardNet's Space Management System allows unauthenticated remote attackers to execute arbitrary SQL comm...

This SQL injection vulnerability in my-springsecurity-plus allows attackers to execute arbitrary SQL commands through the dataScope parameter in the /...

This SQL injection vulnerability in my-springsecurity-plus allows attackers to execute arbitrary SQL commands via the dataScope parameter in the /api/...

This SQL injection vulnerability in the Itsourcecode Payroll Management System allows remote attackers to execute arbitrary SQL commands through the i...

This CVE describes a critical SQL injection vulnerability in the Learning Management System Project In PHP With Source Code 1.0. Attackers can execute...

This vulnerability allows authenticated users to perform SQL injection attacks through the Address Book or InfoLog sorting functionality in EGroupware...

This SQL injection vulnerability in Eskooly Web Product v3.0 allows remote attackers to execute arbitrary SQL commands via the searchby parameter in a...

This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks on WordPress sites using the UsersWP plugin. Attackers...

CVE-2024-5827 is a critical SQL injection vulnerability in Vanna v0.3.4's DuckDB integration that allows attackers to write arbitrary files to the ser...

This CVE describes a blind SQL injection vulnerability in S@M CMS (Concept Intermedia) search functionality. Attackers can execute arbitrary SQL queri...

This SQL injection vulnerability in Magarsus Consultancy SSO allows attackers to execute arbitrary SQL commands. It affects all versions from 1.0 befo...

CVE-2024-37843 is an unauthenticated SQL injection vulnerability in Craft CMS's GraphQL API endpoint. Attackers can execute arbitrary SQL commands wit...

The Quiz Maker WordPress plugin contains a time-based SQL injection vulnerability in the 'ays_questions' parameter that allows unauthenticated attacke...