CWE-89: SQL Injection

CVE-2022-36276 is a critical SQL injection vulnerability in TCMAN GIM v8.0.1 that allows remote attackers to execute arbitrary SQL commands via the 'S...

This CVE describes a SQL injection vulnerability in PrestaShop e-commerce software that allows back-office users to perform unauthorized database oper...

CVE-2022-38074 is a SQL injection vulnerability in the VeronaLabs WP Statistics WordPress plugin that allows authenticated attackers to execute arbitr...

This SQL injection vulnerability in MedData HBYS allows attackers to execute arbitrary SQL commands on the database. It affects all HBYS installations...

CVE-2021-42369 is a SQL injection vulnerability in Imagicle Application Suite for Cisco UC, allowing low-privileged users to inject SQL statements via...

A SQL injection vulnerability in the OPCUA interface of Gallagher Command Centre allows remote unprivileged operators to modify databases undetected. ...

CVE-2026-28501 is an unauthenticated SQL injection vulnerability in WWBN AVideo that allows attackers to execute arbitrary SQL commands without authen...

This vulnerability allows SQL injection through TLS-SRP handshake parameters, enabling attackers to inject known credentials into the database. Succes...

CVE-2026-21410 is a SQL injection vulnerability in SAT MasterSCADA BUK-TS web interface that allows attackers to execute arbitrary SQL commands. Succe...

CVE-2026-26198 is a critical SQL injection vulnerability in Ormar ORM for Python that allows attackers to execute arbitrary SQL queries. Unauthorized ...

An unauthenticated SQL injection vulnerability in Order Up Online Ordering System 1.0 allows attackers to execute arbitrary SQL commands via the store...

CVE-2019-25459 is an unauthenticated SQL injection vulnerability in Web Ofisi Emlak V2 real estate software. Attackers can inject SQL code through mul...

This is a critical SQL injection vulnerability in Kolay Software Inc.'s Talentics platform that allows attackers to execute arbitrary SQL commands. It...

CVE-2025-70152 is an unauthenticated SQL injection vulnerability in the Community Project Scholars Tracking System 1.0 that allows attackers to execut...

CodeAstro Membership Management System 1.0 contains a SQL injection vulnerability in the print_membership_card.php file via the ID parameter. This all...

CVE-2025-70981 is a critical SQL injection vulnerability in CordysCRM 1.4.1 that allows attackers to execute arbitrary SQL commands through the depart...

This SQL injection vulnerability in Farktor Software's E-Commerce Package allows attackers to execute arbitrary SQL commands through the application. ...

CVE-2026-25993 is a second-order SQL injection vulnerability in EverShop eCommerce platform that allows attackers to execute arbitrary SQL commands. A...

This SQL injection vulnerability in Xpoda Studio allows attackers to execute arbitrary SQL commands on the database. All users running Xpoda Studio ve...

This is a critical SQL injection vulnerability in Payload CMS versions before 3.73.0 that allows unauthenticated attackers to extract sensitive data a...

An unauthenticated SQL injection vulnerability in Fortinet FortiClientEMS allows attackers to execute arbitrary SQL commands via crafted HTTP requests...

This SQL injection vulnerability in Martcode Software's Delta Course Automation allows attackers to execute arbitrary SQL commands on the database. Al...

This SQL injection vulnerability in PEAR's user::maintains() function allows attackers to execute arbitrary SQL commands when role filters are provide...

This CVE describes an unauthenticated SQL injection vulnerability in PEAR's package retrieval endpoint. Attackers can execute arbitrary SQL commands b...

A SQL injection vulnerability in PEAR's bug subscription deletion feature allows attackers to execute arbitrary SQL commands by manipulating email val...

This CVE describes a SQL injection vulnerability in PEAR, a PHP component framework, where unsafe literal substitution in karma queries allows attacke...

This SQL injection vulnerability in PEAR's category deletion function allows attackers with category manager access to execute arbitrary SQL commands....

This SQL injection vulnerability in Shandong Kede Electronics' IoT smart water meter monitoring platform allows remote attackers to execute arbitrary ...

CVE-2025-57529 is a critical SQL injection vulnerability in YouDataSum CPAS Audit Management System that allows remote unauthenticated attackers to ex...

This SQL injection vulnerability in DIGITA Efficiency Management System allows attackers to execute arbitrary SQL commands on the database. All system...

CVE-2025-69562 is a critical SQL injection vulnerability in code-projects Mobile Shop Management System 1.0 that allows attackers to execute arbitrary...

CVE-2025-69563 is a critical SQL injection vulnerability in code-projects Mobile Shop Management System 1.0 that allows attackers to execute arbitrary...

This SQL injection vulnerability in the WP Lead Capturing Pages WordPress plugin allows attackers to execute arbitrary SQL commands on the database. I...

A SQL injection vulnerability in Devolutions Server's remote-sessions component allows attackers to execute arbitrary SQL commands. This affects Devol...

CVE-2025-70892 is a critical SQL injection vulnerability in Phpgurukul Cyber Cafe Management System v1.0 that allows attackers to execute arbitrary SQ...

BeeS Software Solutions BET Portal contains a critical SQL injection vulnerability in its login functionality, allowing attackers to execute arbitrary...

This vulnerability allows attackers to execute arbitrary SQL commands through the proId parameter in master/review_action.php. It affects all installa...

This SQL injection vulnerability in Print Shop Pro WebDesk allows remote attackers to execute arbitrary SQL commands by manipulating the hfInventoryDi...

This SQL injection vulnerability in the VanKarWai Lobo WordPress theme allows attackers to execute arbitrary SQL commands through specially crafted in...

This SQL injection vulnerability in the Automotive Listings WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It af...

This SQL injection vulnerability in the Workreap WordPress theme plugin allows attackers to execute arbitrary SQL commands on the database. It affects...

This SQL injection vulnerability in the Felan Framework WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affect...

This SQL injection vulnerability in the WooCommerce Orders & Customers Exporter plugin allows attackers to execute arbitrary SQL commands on WordPress...

ClipBucket v5 versions 5.5.2-#187 and below contain a blind SQL injection vulnerability in the comment functionality. Attackers can exploit this by in...

An SQL injection vulnerability in Hyper Data Protector allows remote attackers to execute unauthorized SQL commands. This affects all systems running ...

This SQL injection vulnerability in the online-movie-booking system allows attackers to execute arbitrary SQL commands through the movie_details.php e...

This SQL injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco systems allows attackers to bypass authentication and potentially access sensitive d...

This SQL injection vulnerability in the BWL Pro Voting Manager WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It...

CVE-2024-44065 is a critical SQL injection vulnerability in Cloudlog v2.6.15 that allows attackers to execute arbitrary SQL commands through the qsore...

This SQL injection vulnerability in the CRM Perks Integration for Contact Form 7 HubSpot WordPress plugin allows attackers to execute arbitrary SQL co...