CWE-89: SQL Injection

This SQL injection vulnerability in the PrestaShop 'Complete for Create a Quote in Frontend + Backend Pro' module allows attackers to execute arbitrar...

This CVE describes a critical SQL injection vulnerability in the Isotope module for PrestaShop. Attackers can exploit the saveData and removeData meth...

This SQL injection vulnerability in the RSI PDF/HTML catalog evolution module for PrestaShop allows unauthenticated attackers to execute arbitrary SQL...

This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks on WordPress sites using the Themify WooCommerce Produ...

This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks against the Email Subscribers WordPress plugin. Attack...

CVE-2024-37699 is a critical SQL injection vulnerability in DataLife Engine's dboption component that allows attackers to execute arbitrary SQL comman...

This SQL injection vulnerability in the Youzify WordPress plugin allows authenticated attackers with Contributor-level access or higher to inject mali...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on PrestaShop installations using the Channable module. It affec...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries on PrestaShop installations using the vulnerable pk_themesettings...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on PrestaShop websites using the 'Custom links' module (pk_custom...

CVE-2024-37831 is a critical SQL injection vulnerability in Itsourcecode Payroll Management System 1.0 that allows attackers to execute arbitrary SQL ...

A SQL injection vulnerability in itsourcecode Billing System 1.0 allows local attackers to execute arbitrary SQL commands via the username parameter i...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the Web Directory Free plugin. Attacker...

This SQL injection vulnerability in MegaBIP software allows attackers to execute arbitrary SQL commands, potentially gaining administrator privileges....

This vulnerability allows unauthenticated attackers to perform Blind SQL Injection attacks against Invision Community forums. Attackers can potentiall...

CVE-2024-36673 allows attackers to execute arbitrary SQL commands through the login.php page in Sourcecodester Pharmacy/Medical Store Point of Sale Sy...

CVE-2024-36779 is a critical SQL injection vulnerability in Sourcecodester Stock Management System v1.0 that allows attackers to execute arbitrary SQL...

This SQL injection vulnerability in the LifterLMS WordPress plugin allows authenticated attackers with Contributor-level access or higher to inject ma...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites using the Email Subscribers by Icegram Express...

CVE-2024-5311 is a critical SQL injection vulnerability in DigiWin EasyFlow .NET that allows unauthenticated remote attackers to execute arbitrary SQL...

This SQL injection vulnerability in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the pas...

This vulnerability allows attackers to execute arbitrary SQL commands through the id parameter in the /admin/category/view_category.php file in Diño ...

This vulnerability allows attackers to execute arbitrary SQL commands through the id parameter in Diño Physics School Assistant. It affects all users...

This SQL injection vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows attackers to execute arbitrary SQL commands on the database...

J2EEFAST v2.7.0 contains a SQL injection vulnerability in the findPage function within SysTenantMapper.xml. This allows attackers to execute arbitrary...

A SQL injection vulnerability in Campcodes Complete Web-Based School Management System 1.0 allows attackers to execute arbitrary SQL commands via the ...

J2EEFAST v2.7.0 contains a SQL injection vulnerability in the findPage function of SysMsgPushMapper.xml that allows attackers to execute arbitrary SQL...

J2EEFAST v2.7.0 contains a SQL injection vulnerability in the findPage function of BpmTaskFromMapper.xml. This allows attackers to execute arbitrary S...

This SQL injection vulnerability in Campcodes Complete Web-Based School Management System 1.0 allows attackers to execute arbitrary SQL commands throu...

This SQL injection vulnerability in Campcodes Complete Web-Based School Management System 1.0 allows attackers to execute arbitrary SQL commands throu...

This SQL injection vulnerability in Campcodes Complete Web-Based School Management System 1.0 allows attackers to execute arbitrary SQL commands throu...

This is a critical SQL injection vulnerability in Sante PACS Server PG that allows unauthenticated remote attackers to execute arbitrary code. Attacke...

CVE-2024-35409 is a critical SQL injection vulnerability in WeBid 1.1.2 that allows attackers to execute arbitrary SQL commands via the admin/tax.php ...

This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks on WordPress sites using the Business Directory Plugin...

NASA AIT-Core v2.5.2 contains SQL injection vulnerabilities in the query_packets and insert functions that allow attackers to execute arbitrary SQL co...

This SQL injection vulnerability in Simple PHP Shopping Cart version 0.9 allows attackers to execute arbitrary SQL queries through the category_id par...

CVE-2024-4992 is a critical SQL injection vulnerability in SiAdmin 1.1 that allows remote attackers to execute arbitrary SQL queries via the nim param...

Budget Management 1.0 contains a SQL injection vulnerability in the delete parameter that allows attackers to execute arbitrary SQL commands. This aff...

CVE-2024-4893 is a critical SQL injection vulnerability in DigiWin EasyFlow .NET that allows remote attackers to execute arbitrary SQL commands. This ...

This SQL injection vulnerability in the CASAP Automated Enrollment System allows remote attackers to execute arbitrary SQL commands via the login.php ...

OFCMS V1.1.2 contains a SQL injection vulnerability in the new table function that allows attackers to execute arbitrary SQL commands. This affects al...

CVE-2024-4824 is a critical SQL injection vulnerability in School ERP Pro+Responsive 1.0 that allows remote attackers to execute arbitrary SQL queries...

This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks on WordPress sites using the LearnPress plugin. Attack...

RuvarOA versions 6.01 and 12.01 contain a SQL injection vulnerability in the bt_id parameter at /include/get_dict.aspx, allowing attackers to execute ...

RuvarOA versions 6.01 and 12.01 contain a SQL injection vulnerability in the PageID parameter at /WebUtility/get_find_condiction.aspx. This allows att...

This SQL injection vulnerability in Sonic Shopfloor.guide's unit.php allows remote attackers to execute arbitrary SQL commands via the level2 paramete...

RuvarOA versions 6.01 and 12.01 contain a SQL injection vulnerability in the file_id parameter at /filemanage/file_memo.aspx. This allows attackers to...

RuvarOA versions 6.01 and 12.01 contain a SQL injection vulnerability in the filename parameter at /WorkFlow/OfficeFileDownload.aspx. This allows atta...

RuvarOA versions 6.01 and 12.01 contain a SQL injection vulnerability in the tbTable parameter at /WebUtility/MF.aspx. This allows attackers to execut...

RuvarOA versions 6.01 and 12.01 contain a SQL injection vulnerability in the idlist parameter at /WorkFlow/wf_work_print.aspx. This allows attackers t...