CWE-89: SQL Injection

This vulnerability allows attackers to execute arbitrary SQL commands via the 'id' parameter in the Cinema Seat Reservation System 1.0. This can lead ...

CVE-2024-25314 is a critical SQL injection vulnerability in Code-projects Hotel Management System 1.0 that allows attackers to execute arbitrary SQL c...

This vulnerability allows attackers to execute arbitrary SQL commands via the 'eid' parameter in the Hotel Management System admin panel. It affects C...

This SQL injection vulnerability in the InnovaDeluxe 'Manufacturer or supplier alphabetical search' module for PrestaShop allows remote attackers to e...

This SQL injection vulnerability in the Boostmyshop module for PrestaShop allows remote attackers to execute arbitrary SQL commands. Attackers can esc...

This SQL injection vulnerability in Daily Habit Tracker v1.0 allows remote attackers to execute arbitrary SQL commands via crafted GET requests to del...

This vulnerability allows attackers to execute arbitrary SQL commands on PrestaShop installations using the Op'art Easy Redirect module. Attackers can...

This SQL injection vulnerability in the WP Booking Calendar WordPress plugin allows unauthenticated attackers to inject malicious SQL queries through ...

A SQL injection vulnerability in Novel-Plus v4.3.0-RC1 and earlier allows attackers to execute arbitrary SQL commands by manipulating offset, limit, a...

A SQL injection vulnerability in Novel-Plus v4.3.0-RC1 and earlier allows attackers to execute arbitrary SQL commands by manipulating offset, limit, a...

A SQL injection vulnerability in Novel-Plus v4.3.0-RC1 and earlier allows attackers to inject malicious SQL commands via offset, limit, and sort param...

CVE-2024-24811 is a critical SQL injection vulnerability in SQLAlchemyDA that allows unauthenticated attackers to execute arbitrary SQL statements on ...

CVE-2024-24133 is a critical SQL injection vulnerability in Atmail v6.6.0 that allows attackers to execute arbitrary SQL commands via the username par...

A critical SQL injection vulnerability in the RM bookingcalendar module for PrestaShop allows remote attackers to execute arbitrary SQL commands via t...

A SQL injection vulnerability in Novel-Plus v4.3.0-RC1 and earlier allows attackers to execute arbitrary SQL commands via crafted offset, limit, and s...

CVE-2024-24004 is a critical SQL injection vulnerability in jshERP v3.3 that allows attackers to bypass the application's SQL protection mechanism. At...

jshERP v3.3 contains a SQL injection vulnerability in the findallocationDetail() function that allows attackers to bypass the application's protection...

A SQL injection vulnerability in Novel-Plus v4.3.0-RC1 and earlier allows attackers to execute arbitrary SQL commands via crafted offset, limit, and s...

CVE-2024-24112 is a SQL injection vulnerability in xmall v1.1 that allows attackers to execute arbitrary SQL commands via the orderDir parameter. This...

This SQL injection vulnerability in Stock Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in mana...

This vulnerability allows unauthenticated attackers to perform SQL injection against GTB Central Console, enabling them to change the administrator pa...

JFinalCMS 5.0.0 contains a SQL injection vulnerability in the /admin/content/data endpoint that allows attackers to execute arbitrary SQL commands. Th...

This vulnerability allows attackers to execute arbitrary SQL commands through the report export feature in Zoho ManageEngine ADAudit Plus. Organizatio...

This SQL injection vulnerability in Enterprise Architect allows attackers to execute arbitrary SQL commands through the Find parameter in the Select C...

CVE-2024-24141 is a critical SQL injection vulnerability in the School Task Manager App 1.0 that allows attackers to execute arbitrary SQL commands vi...

This SQL injection vulnerability in Quest Analytics IQCRM allows remote attackers to execute arbitrary SQL commands via crafted requests to the Common...

This CVE describes a SQL injection vulnerability in LlamaIndex's Text-to-SQL feature that allows attackers to execute arbitrary SQL commands through n...

This vulnerability allows attackers to execute arbitrary SQL commands through the YonBIP HR attendance script controller. It affects organizations usi...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries on PrestaShop installations using the mib module from MyPresta.eu...

This vulnerability allows unauthenticated attackers to perform blind SQL injection attacks on PrestaShop installations using the vulnerable Jms Settin...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites using the Stripe Payment Plugin for WooCommerc...

This SQL injection vulnerability in Mergen Software Quality Management System allows attackers to execute arbitrary SQL commands through unvalidated u...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the Database Administrator plugin. Atta...

CVE-2023-0224 is an SQL injection vulnerability in the GiveWP WordPress plugin that allows unauthenticated attackers to execute arbitrary SQL commands...

A critical SQL injection vulnerability in oretnom23 Judging Management System v1.0 allows remote attackers to execute arbitrary SQL commands via the s...

This CVE describes a critical SQL injection vulnerability in oretnom23 Judging Management System v1.0. Attackers can exploit the sub_event_id paramete...

This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks on WordPress sites using the LearnPress plugin. Attack...

Wuzhicms v4.1.0 contains a SQL injection vulnerability in the $keywords parameter at /core/admin/copyfrom.php. This allows attackers to execute arbitr...

CVE-2023-6921 is a blind SQL injection vulnerability in the PrestaShow Google Integrator addon for PrestaShop that allows attackers to extract or modi...

A SQL injection vulnerability in ABO.CMS v5.9.3 allows remote attackers to execute arbitrary SQL commands via the 'd' parameter in the Documents modul...

Travel Website v1.0 contains unauthenticated SQL injection vulnerabilities in the hotelDetails.php resource, allowing attackers to execute arbitrary S...

Travel Website v1.0 has unauthenticated SQL injection vulnerabilities in the loginAction.php file, specifically in the username parameter. Attackers c...

Travel Website v1.0 contains an unauthenticated SQL injection vulnerability in the booking.php resource's hotelIDHidden parameter. Attackers can execu...

Online Notice Board System v1.0 contains unauthenticated SQL injection vulnerabilities in the registration.php resource. Attackers can execute arbitra...

Online Notice Board System v1.0 contains unauthenticated SQL injection vulnerabilities in the user/update_profile.php endpoint. Attackers can execute ...

Billing Software v1.0 contains unauthenticated SQL injection vulnerabilities in the partylist_edit_submit.php resource, allowing attackers to execute ...

Billing Software v1.0 contains unauthenticated SQL injection vulnerabilities in the buyer_invoice_submit.php file, specifically in the 'customer_detai...

Billing Software v1.0 contains unauthenticated SQL injection vulnerabilities in the submit_delivery_list.php resource. Attackers can exploit the 'quan...

Billing Software v1.0 contains unauthenticated SQL injection vulnerabilities in the 'itemnameid' parameter of material_bill.php?action=itemRelation. T...

This SQL injection vulnerability in Ekol Informatics Website Template allows attackers to execute arbitrary SQL commands through user inputs. All webs...