CWE-89: SQL Injection

This SQL injection vulnerability in tramyardg Autoexpress 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the 'id'...

This CVE describes a critical SQL injection vulnerability in Sourcecodester Employee Management System v1.0, allowing attackers to execute arbitrary S...

This SQL injection vulnerability in the pscartabandonmentpro PrestaShop module allows remote attackers to execute arbitrary SQL commands via the setEm...

This SQL injection vulnerability in KnowBand spinwheel v3.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the sendEmail(...

CVE-2024-28303 is a critical SQL injection vulnerability in Open Source Medicine Ordering System v1.0 that allows attackers to execute arbitrary SQL c...

CVE-2024-25227 is a critical SQL injection vulnerability in ABO.CMS version 5.8 that allows remote attackers to execute arbitrary SQL commands via the...

This SQL injection vulnerability in the SunnyToo stproductcomments module for PrestaShop allows remote attackers to execute arbitrary SQL commands. At...

This SQL injection vulnerability in Agro-School Management System 1.0 allows attackers to execute arbitrary SQL commands through the login page. Attac...

This SQL injection vulnerability in the Ultimate Member WordPress plugin allows unauthenticated attackers to inject malicious SQL queries through the ...

Scholars Tracking System 1.0 contains a SQL injection vulnerability in the Eligibility Information Update functionality that allows attackers to execu...

This SQL injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to execute arbitrary SQL commands through the Personal...

This SQL injection vulnerability in Badger Meter Monitool allows remote attackers to execute arbitrary SQL queries via the j_username parameter. Attac...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks against PrestaShop installations using the 'CD Custom Fields 4 Or...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on PrestaShop websites using the 'Make an offer' module version 1...

CVE-2023-41014 is a critical SQL injection vulnerability in code-projects.org Online Job Portal 1.0 that allows attackers to execute arbitrary SQL com...

Hotel Booking Management v1.0 contains a SQL injection vulnerability in the id parameter of update.php, allowing attackers to execute arbitrary SQL co...

This CVE describes an SQL injection vulnerability in the pgx PostgreSQL driver for Go. An integer overflow when processing extremely large queries (ov...

CVE-2023-49547 is a critical SQL injection vulnerability in Customer Support System v1 that allows attackers to execute arbitrary SQL commands via the...

This SQL injection vulnerability in Customer Support System v1 allows attackers to execute arbitrary SQL commands via the subject parameter in the sav...

This CVE describes a SQL injection vulnerability in Petrol Pump Management Software v1.0 that allows attackers to execute arbitrary SQL commands via t...

CVE-2024-1981 is a critical SQL injection vulnerability in the WPvivid Backup and Migration WordPress plugin that allows unauthenticated attackers to ...

F-logic DataCube3 v1.0 has an unauthenticated SQL injection vulnerability that allows attackers to execute arbitrary SQL queries without authenticatio...

This SQL injection vulnerability in SEMCMS v4.8 allows remote attackers to execute arbitrary SQL commands through the SEMCMS_Menu.php component. Attac...

This CVE describes an unauthenticated SQL injection vulnerability in the Skymoonlabs MoveTo WordPress plugin. Attackers can execute arbitrary SQL comm...

The WP eCommerce plugin for WordPress has a critical SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL querie...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on PrestaShop installations using the affected ba_importer modul...

This disputed CVE claims Subrion CMS 4.2.1 has SQL injection vulnerability in ia.core.mysqli.php, potentially allowing attackers to execute arbitrary ...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites using the NotificationX plugin. Attackers can ...

Simple Stock System 1.0 contains a SQL injection vulnerability that allows attackers to execute arbitrary SQL commands on the database. This affects a...

This SQL injection vulnerability in Niushop B2B2C V5 allows attackers to execute arbitrary SQL commands through latitude and longitude parameters in t...

This SQL injection vulnerability in Niushop B2B2C V5 allows attackers to execute arbitrary SQL commands through the order_id parameter in the orderGoo...

A critical SQL injection vulnerability in Nagios XI 2024R1.01 allows remote attackers to execute arbitrary SQL commands via the monitoringwizard.php c...

This CVE describes a critical SQL injection vulnerability in PMB Services library management software that allows unauthenticated remote attackers to ...

ChurchCRM 5.5.0 contains a blind SQL injection vulnerability in FRCatalog.php via the CurrentFundraiser GET parameter. Attackers can exploit this to e...

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL injection via the 'MerchantReference' paramete...

This CVE describes a SQL injection vulnerability in Tongda OA software that allows attackers to execute arbitrary SQL commands via the $AFF_ID paramet...

This SQL injection vulnerability in POSTAHSİL Online Payment System allows attackers to execute arbitrary SQL commands through user inputs. It affect...

This SQL injection vulnerability in Utarit Information Technologies SoliPay Mobile App allows attackers to execute arbitrary SQL commands against the ...

CVE-2024-26264 is an unauthenticated SQL injection vulnerability in EBM Technologies RISWEB's query function. Remote attackers can execute arbitrary S...

Simple Expense Tracker v1.0 contains a SQL injection vulnerability in the category parameter at /endpoint/delete_category.php. This allows attackers t...

CVE-2024-25214 is an authentication bypass vulnerability in Employee Management System v1.0 that allows attackers to gain unauthorized access by injec...

Employee Management System v1.0 contains a SQL injection vulnerability in the mailud parameter at /aprocess.php. This allows attackers to execute arbi...

Task Manager App v1.0 contains a SQL injection vulnerability in the EditTask.php endpoint via the taskID parameter. This allows attackers to execute a...

Task Manager App v1.0 contains a SQL injection vulnerability in the projectID parameter at /TaskManager/EditProject.php. This allows attackers to exec...

Barangay Population Monitoring System 1.0 contains a SQL injection vulnerability in the delete-resident.php endpoint that allows attackers to execute ...

This SQL injection vulnerability in UNI-PA University Information System allows attackers to execute arbitrary SQL commands through user inputs. It af...

CVE-2024-24142 is a critical SQL injection vulnerability in School Task Manager 1.0 that allows attackers to execute arbitrary SQL commands via the 's...

This SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary SQL commands via a crafted script. Attackers could...

This SQL injection vulnerability in Gambio e-commerce software allows attackers to execute arbitrary SQL commands through crafted GET requests targeti...

This SQL injection vulnerability in Oduyo Financial Technology Online Collection allows attackers to execute arbitrary SQL commands by injecting malic...