CWE-89: SQL Injection

CVE-2023-34487 is a critical SQL injection vulnerability in itsourcecode Online Hotel Management System v1.0.0 that allows attackers to execute arbitr...

Lost and Found Information System v1.0 contains a SQL injection vulnerability in the admin contact information page that allows attackers to execute a...

Jeesite versions before commit 10742d3 contain a SQL injection vulnerability in the ActDao.xml component via the ${businessTable} parameter. This allo...

CVE-2023-33584 is a critical SQL injection vulnerability in Sourcecodester Enrollment System Project V1.0 that allows attackers to bypass authenticati...

This SQL injection vulnerability in WUZHICMS v4.1.0 allows remote attackers to execute arbitrary SQL commands through the checktitle() function in adm...

This SQL injection vulnerability in Marksoft allows attackers to execute arbitrary SQL commands through the Mobile, Login, and API components. Success...

Jeecg-Boot versions 3.5.0 and 3.5.1 contain a SQL injection vulnerability in the id parameter of the /jeecg-boot/jmreport/show interface. This allows ...

Simple Customer Relationship Management 1.0 contains a SQL injection vulnerability in the email parameter that allows attackers to execute arbitrary S...

This is a critical SQL injection vulnerability in Progress MOVEit Transfer that allows unauthenticated attackers to execute arbitrary SQL commands aga...

CVE-2023-32754 is a critical SQL injection vulnerability in Thinking Software Efence's login function that allows unauthenticated attackers to execute...

This CVE describes a SQL injection vulnerability in the 'Length, weight or volume sell' (ailinear) module for PrestaShop versions before 2.4.3. Attack...

This vulnerability allows attackers to execute arbitrary SQL commands through the leocustomajax module in PrestaShop. It affects all websites running ...

This vulnerability allows attackers to execute arbitrary SQL commands on PrestaShop installations using the PostFinance payment module version 17.1.13...

This SQL injection vulnerability in bloofox v0.5.2.1 allows attackers to execute arbitrary SQL commands via the gid parameter in the admin interface. ...

This SQL injection vulnerability in bloofox v0.5.2.1 allows attackers to execute arbitrary SQL commands via the tid parameter in the admin panel. This...

This SQL injection vulnerability in bloofox v0.5.2.1 allows attackers to execute arbitrary SQL commands via the userid parameter in the admin interfac...

CVE-2023-34249 is a critical SQL injection vulnerability in benjjvi/PyBB bulletin board software that allows attackers to execute arbitrary SQL comman...

This SQL injection vulnerability in Satos Mobile allows attackers to execute arbitrary SQL commands by manipulating SOAP parameters. It affects all Sa...

This SQL injection vulnerability in TMT Lockcell allows attackers to execute arbitrary SQL commands on the database. It affects all Lockcell versions ...

CVE-2023-34581 is a critical SQL injection vulnerability in Service Provider Management System v1.0 that allows attackers to execute arbitrary SQL com...

The uListing WordPress plugin contains an SQL injection vulnerability in versions up to 1.6.6 that allows unauthenticated attackers to execute arbitra...

CVE-2023-29632 is a critical SQL injection vulnerability in PrestaShop's jmspagebuilder module that allows attackers to execute arbitrary SQL commands...

CVE-2023-29629 is a critical SQL injection vulnerability in the jmsthemelayout module for PrestaShop. Attackers can execute arbitrary SQL commands thr...

This SQL injection vulnerability in eMedia Consulting simpleRedak allows attackers to execute arbitrary SQL commands via the Activity parameter. Affec...

This SQL injection vulnerability in the City Autocomplete module for PrestaShop allows remote attackers to execute arbitrary SQL commands via frontend...

This is a critical SQL injection vulnerability in ELITE TECHNOLOGY CORP. Web Fax software that allows unauthenticated attackers to execute arbitrary S...

This SQL injection vulnerability in Erikoglu Technology ErMon allows attackers to execute arbitrary SQL commands, potentially leading to command line ...

KramerAV VIA GO² devices running software versions below 4.0.1.1326 contain a SQL injection vulnerability that allows attackers to execute arbitrary ...

BlueCMS v1.6 contains a SQL injection vulnerability in the search.php file's keywords parameter. This allows attackers to execute arbitrary SQL comman...

CVE-2022-24627 is an unauthenticated SQL injection vulnerability in AudioCodes Device Manager Express login form. Attackers can execute arbitrary SQL ...

This vulnerability allows unauthenticated attackers to execute blind SQL injection attacks via HTTP requests to the Store Commander scexportcustomers ...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries via HTTP requests to the Store Commander scquickaccounting module...

This SQL injection vulnerability in AGT Tech Ceppatron allows attackers to execute arbitrary SQL commands, potentially leading to command line executi...

This SQL injection vulnerability in Cityboss E-municipality software allows attackers to execute arbitrary SQL commands through user input. It affects...

This SQL injection vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows attackers to execute arbitrary SQL commands on th...

CVE-2023-31752 is a critical SQL injection vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System v1.0 that allows attackers to...

Piwigo 13.6.0 contains a SQL injection vulnerability in the /admin/permalinks.php endpoint that allows attackers to execute arbitrary SQL commands. Th...

CVE-2023-33338 is a critical SQL injection vulnerability in Old Age Home Management 1.0 that allows attackers to execute arbitrary SQL commands via th...

CVE-2023-31707 is a critical SQL injection vulnerability in SEMCMS 1.5 that allows attackers to execute arbitrary SQL commands via the Ant_Rponse.php ...

This vulnerability allows attackers to execute arbitrary SQL commands through the date_from parameter in the admin reports page of Student Study Cente...

This vulnerability allows attackers to execute arbitrary SQL commands on PrestaShop installations using the cdesigner module version 3.1.9 or earlier....

IDURAR ERP/CRM v1 contains a SQL injection vulnerability in the login API endpoint that allows attackers to execute arbitrary SQL commands. This affec...

This vulnerability allows attackers to execute arbitrary SQL commands on PrestaShop websites using the posstaticblocks module version 1.0.0 or earlier...

This SQL injection vulnerability in Pharmacy Management System v1.0 allows attackers to execute arbitrary SQL commands via the email parameter during ...

This SQL injection vulnerability in Judging Management System v1.0 allows remote attackers to execute arbitrary SQL commands via the crit_id parameter...

This vulnerability allows unauthenticated attackers to conduct SQL injection attacks against WordPress sites using the WP Visitor Statistics plugin. A...

This critical SQL injection vulnerability in PnPSCADA allows unauthenticated attackers to execute arbitrary SQL commands through the hitlogcsv.jsp end...

A critical SQL injection vulnerability in Judging Management System v1.0 allows remote attackers to execute arbitrary SQL commands via the contestant_...

CVE-2023-29809 is a critical SQL injection vulnerability in Maximilian Vogt companymaps (cmaps) version 8.0 that allows remote attackers to execute ar...

PrestaShop possearchproducts module version 1.7 contains a SQL injection vulnerability in the PosSearch::find() function. This allows attackers to exe...