CWE-89: SQL Injection

This SQL injection vulnerability in Grupo Embras GEOSIAP ERP allows attackers to execute arbitrary SQL commands via the codLogin parameter on the logi...

Mingsoft MCMS v5.2.9 contains a SQL injection vulnerability in the categoryType parameter at /content/list.do. This allows attackers to execute arbitr...

This SQL injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to execute arbitrary SQL commands via the jmreport/qurestSql comp...

PHPGurukul Small CRM 3.0 has a critical SQL injection vulnerability in the login panel's password parameter that allows attackers to execute arbitrary...

This SQL injection vulnerability in Ween Software Admin Panel allows attackers to execute arbitrary SQL commands through the admin interface. It affec...

This SQL injection vulnerability in GM Information Technologies MDO allows attackers to execute arbitrary SQL commands on the database. It affects all...

This SQL injection vulnerability in Documize version 5.4.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in the /ap...

This SQL injection vulnerability in Talent Software ECOP allows attackers to execute arbitrary SQL commands, potentially leading to command line execu...

This SQL injection vulnerability in 3CX CRM Integration allows attackers to execute arbitrary SQL commands by manipulating first name, search string, ...

CVE-2022-47532 is a SQL injection vulnerability in FileRun 20220519 that allows attackers to execute arbitrary SQL commands via the 'dir' parameter in...

Job Portal v1.0 contains unauthenticated SQL injection vulnerabilities in the login.php file, specifically in the 'txtUser' parameter. Attackers can e...

Job Portal v1.0 contains an unauthenticated SQL injection vulnerability in the 'cmbQual' parameter of Employer/InsertWalkin.php. Attackers can execute...

Job Portal v1.0 contains an unauthenticated SQL injection vulnerability in the 'cmbQual' parameter of Employer/InsertJob.php. Attackers can execute ar...

Student Result Management System v1.0 contains unauthenticated SQL injection vulnerabilities in the 'class_name' parameter of add_students.php. Attack...

CVE-2023-48720 is an unauthenticated SQL injection vulnerability in Student Result Management System v1.0's login.php page. Attackers can execute arbi...

Railway Reservation System v1.0 contains unauthenticated SQL injection vulnerabilities in the train.php resource's 'byname' parameter. Attackers can e...

CVE-2023-48716 allows unauthenticated attackers to execute arbitrary SQL commands through the 'class_id' parameter in add_classes.php. This affects St...

Railway Reservation System v1.0 contains unauthenticated SQL injection vulnerabilities in the 'from' parameter of reservation.php. Attackers can execu...

CVE-2023-48685 allows unauthenticated attackers to execute arbitrary SQL commands through the 'psd' parameter in Railway Reservation System v1.0's log...

S-CMS v5.0 contains a SQL injection vulnerability in the A_productauth parameter at /admin/ajax.php. This allows attackers to execute arbitrary SQL co...

S-CMS v5.0 contains a SQL injection vulnerability in the A_formauth parameter at /admin/ajax.php that allows attackers to execute arbitrary SQL comman...

S-CMS v5.0 contains a SQL injection vulnerability in the A_newsauth parameter at /admin/ajax.php that allows attackers to execute arbitrary SQL comman...

This SQL injection vulnerability in Softomi Advanced C2C Marketplace Software allows attackers to execute arbitrary SQL commands against the database....

CVE-2023-48433 allows unauthenticated attackers to execute arbitrary SQL commands against the Online Voting System Project v1.0 database through the u...

This CVE describes a SQL injection vulnerability in CuppaCMS V1.0, specifically in the edit_admin_table.php component. Attackers can execute arbitrary...

ArmorX Global Technology Corporation's ArmorX Spam software has a critical SQL injection vulnerability due to insufficient input validation. Unauthent...

This CVE describes a critical SQL injection vulnerability in the Cams Biometrics Zkteco/eSSL integration module for Odoo HR attendance systems. It all...

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (web_progress) Odoo module allows remote attackers to execute arbitrary SQL ...

A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search module allows remote attackers to execute arbitrary SQL commands via th...

EmpireCMS v7.5 contains a SQL injection vulnerability in the ftppassword parameter at SetEnews.php. This allows attackers to execute arbitrary SQL com...

This SQL injection vulnerability in SunnyToo sturls module allows attackers to execute arbitrary SQL commands through the StUrls::hookActionDispatcher...

This SQL injection vulnerability in the Buy Addons bavideotab module for PrestaShop allows attackers to execute arbitrary SQL commands through the BaV...

This CVE describes a critical SQL injection vulnerability in the Starshop component for Joomla. Attackers can execute arbitrary SQL commands through t...

CVE-2023-40629 is a critical SQL injection vulnerability in the LMS Lite component for Joomla that allows attackers to execute arbitrary SQL commands....

Nagios XI versions before 5.11.3 contain a SQL injection vulnerability in the bulk modification tool that allows attackers to execute arbitrary SQL co...

This SQL injection vulnerability in SchedMD Slurm 23.11.x allows attackers to execute arbitrary SQL commands against the SlurmDBD database. Organizati...

This SQL injection vulnerability in Common Services soliberte allows attackers to manipulate database queries through the lat and lng parameters in po...

CVE-2023-49363 is a critical SQL injection vulnerability in Rockoa versions before 2.3.3 that allows attackers to execute arbitrary SQL commands. This...

CVE-2023-49429 is a SQL injection vulnerability in Tenda AX9 routers that allows attackers to execute arbitrary SQL commands through the 'mac' paramet...

CVE-2023-48823 is a critical blind SQL injection vulnerability in GaatiTrack Courier Management System 1.0 that allows unauthenticated attackers to ex...

This SQL injection vulnerability in the Burst Statistics WordPress plugin allows unauthenticated attackers to inject malicious SQL queries via the 'ur...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries on PrestaShop installations using the vulnerable 'Product Tag Ico...

RuoYi versions up to 4.6 contain a SQL injection vulnerability in the /system/dept/edit endpoint that allows attackers to execute arbitrary SQL comman...

This SQL injection vulnerability in ArslanSoft Education Portal allows attackers to execute arbitrary SQL commands through the application. It affects...

This SQL injection vulnerability in Voovi Social Networking Script version 1.0 allows remote attackers to execute arbitrary SQL queries via the id par...

This SQL injection vulnerability in Voovi Social Networking Script version 1.0 allows remote attackers to execute arbitrary SQL queries through the em...

This SQL injection vulnerability in Voovi Social Networking Script version 1.0 allows remote attackers to execute arbitrary SQL queries via the id and...

This vulnerability allows remote attackers to execute arbitrary SQL queries through the photo.php file in Voovi Social Networking Script version 1.0. ...

This SQL injection vulnerability in Voovi Social Networking Script version 1.0 allows remote attackers to execute arbitrary SQL queries via the editpr...

This SQL injection vulnerability in Apache Cocoon allows attackers to execute arbitrary SQL commands on affected systems. It affects Apache Cocoon ver...