CWE-89: SQL Injection

Online Food Ordering System v1.0 contains unauthenticated SQL injection vulnerabilities in the routers/user-router.php resource. Attackers can execute...

Online Food Ordering System v1.0 has unauthenticated SQL injection vulnerabilities in the '*_balance' parameter of routers/user-router.php. Attackers ...

Online Food Ordering System v1.0 has unauthenticated SQL injection vulnerabilities in the 'status' parameter of routers/edit-orders.php. Attackers can...

Online Food Ordering System v1.0 has unauthenticated SQL injection vulnerabilities in the routers/router.php resource, allowing attackers to execute a...

Online Food Ordering System v1.0 has unauthenticated SQL injection vulnerabilities in the 'phone' parameter of routers/details-router.php, allowing at...

Online Food Ordering System v1.0 has unauthenticated SQL injection vulnerabilities in the phone parameter of the registration router. Attackers can ex...

Online Food Ordering System v1.0 contains unauthenticated SQL injection vulnerabilities in the routers/add-users.php endpoint. Attackers can exploit t...

Online Bus Booking System v1.0 contains unauthenticated SQL injection vulnerabilities in the login.php file, allowing attackers to execute arbitrary S...

Online Bus Booking System v1.0 contains unauthenticated SQL injection vulnerabilities in the bus_info.php file. Attackers can execute arbitrary SQL co...

Online Bus Booking System v1.0 contains unauthenticated SQL injection vulnerabilities in the bus_info.php file's 'date' parameter. Attackers can execu...

Online Examination System v1.0 contains unauthenticated SQL injection vulnerabilities in the feed.php resource's email parameter. Attackers can execut...

This SQL injection vulnerability in wuzhicms v4.1.0 allows remote attackers to execute arbitrary SQL commands through the database backup functionalit...

This SQL injection vulnerability in the WordPress User Activity Log plugin allows attackers to execute arbitrary SQL commands on the database. It affe...

This SQL injection vulnerability in WordPress Contact Form Entries plugin allows authenticated attackers to execute arbitrary SQL commands on the data...

This SQL injection vulnerability in WooCommerce Product Vendors allows attackers to execute arbitrary SQL commands on affected WordPress sites. It aff...

This CVE describes an unauthenticated SQL injection vulnerability in the GamiPress WordPress plugin. Attackers can execute arbitrary SQL commands with...

CVE-2023-36263 is a critical SQL injection vulnerability in the Prestashop opartlimitquantity module. Attackers can execute arbitrary SQL commands via...

This SQL injection vulnerability in PrestaShop themevolty modules allows remote attackers to execute arbitrary SQL commands through multiple component...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries on PrestaShop installations using the CSV Feeds PRO module. Attac...

This SQL injection vulnerability in TRtek Software Education Portal allows attackers to execute arbitrary SQL commands by injecting malicious input. I...

This CVE describes a critical SQL injection vulnerability in D-Link DAR-7000 Online Behavior Audit Gateway. Attackers can exploit the editrole.php com...

Online Art Gallery v1.0 contains unauthenticated SQL injection vulnerabilities in the 'lnm' parameter of header.php. Attackers can execute arbitrary S...

This vulnerability allows attackers to execute arbitrary SQL commands through the 'id' parameter in the Packers and Movers Management System. Attacker...

This CVE describes a critical SQL injection vulnerability in PHPGurukul Nipah Virus Testing Management System v1.0 that allows remote attackers to exe...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on PrestaShop installations using the vulnerable 'Step by Step p...

Unauthenticated SQL injection in IDAttend's IDWeb application allows attackers to extract or modify all database data without credentials. This affect...

Unauthenticated SQL injection vulnerability in IDAttend's IDWeb application allows attackers to extract or modify all database data without authentica...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on IDAttend's IDWeb application. Attackers can extract or modify ...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks against IDAttend's IDWeb application. Attackers can extract or mo...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks against IDAttend's IDWeb application. Attackers can extract or mo...

Unauthenticated attackers can execute arbitrary SQL queries against IDAttend's IDWeb application, potentially extracting or modifying all database dat...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks against IDAttend's IDWeb application. Attackers can extract or mo...

This SQL injection vulnerability in Sitolog sitologapplicationconnect v7.8.a and earlier allows attackers to execute arbitrary SQL commands via the /a...

This CVE describes a SQL injection vulnerability in DM Concept configurator for PrestaShop. Attackers can exploit the ConfiguratorAttachment::getAttac...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries on PrestaShop installations using the 'Rotator Img' module. Attac...

This SQL injection vulnerability in the WordPress ChatBot plugin allows unauthenticated attackers to execute arbitrary SQL queries through the $strid ...

This SQL injection vulnerability in Best Courier Management System 1.0 allows attackers to execute arbitrary SQL commands via the 'id' parameter in /e...

CVE-2023-46007 is a critical SQL injection vulnerability in Best Courier Management System 1.0 that allows attackers to execute arbitrary SQL commands...

CVE-2023-45951 is a SQL injection vulnerability in lylme_spage v1.7.0 that allows attackers to execute arbitrary SQL commands via the $userip paramete...

This vulnerability allows attackers to execute arbitrary SQL commands on D-Link DAR-7000 Online Behavior Audit Gateway devices via the /log/mailrecvvi...

This SQL injection vulnerability in the extratabspro PrestaShop module allows unauthenticated attackers to execute arbitrary SQL commands. All PrestaS...

This SQL injection vulnerability in Phpgurukul's User Registration & Login and User Management System allows attackers to bypass authentication and ex...

This CVE describes SQL injection vulnerabilities in the AfterMail module for PrestaShop that allow remote attackers to execute arbitrary SQL commands....

This CVE describes a critical SQL injection vulnerability in Plixer Scrutinizer's csvExportReport endpoint. Unauthenticated attackers can execute arbi...

This SQL injection vulnerability in Biltay Technology Kayisi allows attackers to execute arbitrary SQL commands, potentially leading to command line e...

Hansun CMS v1.0 contains a SQL injection vulnerability in the /ajax/ajax_login.ashx component that allows attackers to execute arbitrary SQL commands....

This SQL injection vulnerability in the Turna Advertising Administration Panel allows attackers to execute arbitrary SQL commands by injecting malicio...

This SQL injection vulnerability in Prixan prixanconnect allows attackers to execute arbitrary SQL commands through the importProducts() function. It ...

This SQL injection vulnerability in the KnowBand SuperCheckout module allows remote attackers to execute arbitrary SQL commands via crafted requests t...

CVE-2023-3038 is a critical SQL injection vulnerability in HelpDezk Community version 1.1.10 that allows remote attackers to execute arbitrary SQL que...