CWE-89: SQL Injection

Medical Systems Co. Medisys Weblab Products v19.4.03 contains a SQL injection vulnerability in the WSDL files via the tem:statement parameter. This al...

CVE-2023-30092 is a critical SQL injection vulnerability in SourceCodester Online Pizza Ordering System v1.0 that allows attackers to execute arbitrar...

This SQL injection vulnerability in Victor CMS 1.0 allows attackers to execute arbitrary SQL commands through the post parameter in GET requests to /p...

This SQL injection vulnerability in the Bitcoin/AltCoin Payment Gateway WordPress plugin allows authenticated users to execute arbitrary SQL commands ...

Judging Management System v1.0 contains a SQL injection vulnerability in the review_se_result.php endpoint that allows attackers to execute arbitrary ...

CVE-2023-30242 is a critical SQL injection vulnerability in NS-ASG v6.3's /admin/add_ikev2.php component that allows attackers to execute arbitrary SQ...

Judging Management System v1.0 contains a SQL injection vulnerability in the result_sheet.php file via the event_id parameter. This allows attackers t...

Judging Management System v1.0 contains a SQL injection vulnerability in the review_result.php endpoint via the mainevent_id parameter. This allows at...

Judging Management System v1.0 contains a SQL injection vulnerability in the edit_judge.php endpoint via the judge_id parameter. This allows attackers...

CVE-2023-1730 is a critical SQL injection vulnerability in the SupportCandy WordPress plugin. Unauthenticated attackers can exploit this to execute ar...

CVE-2023-26781 is a critical SQL injection vulnerability in mccms 2.6 that allows remote attackers to execute arbitrary SQL commands through the Autho...

This is a critical SQL injection vulnerability in wangmarket CMS that allows remote attackers to execute arbitrary SQL commands. Attackers can manipul...

OURPHP versions up to 7.2.0 contain a SQL injection vulnerability in the background/admin interface. This allows attackers to execute arbitrary SQL co...

This CVE describes a SQL injection vulnerability in the PrestaShop 'Ask for a Quote' module versions 5.4.2 and earlier. It allows remote attackers to ...

CVE-2012-5872 is a blind SQL injection vulnerability in ARC (ARC2) RDF store software that allows attackers to execute arbitrary SQL commands through ...

This is a critical SQL injection vulnerability in the Bdroppy module for PrestaShop that allows remote attackers to execute arbitrary SQL commands. At...

CVE-2023-23753 is a critical SQL injection vulnerability in the Visforms Base Package extension for Joomla 3. Attackers can exploit this to execute ar...

This vulnerability allows attackers to execute arbitrary SQL commands through the print_judges.php endpoint in Judging Management System v1.0. Attacke...

This SQL injection vulnerability in PrestaShopleurlrewrite v1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the Dispatch...

This SQL injection vulnerability in Veragroup Mobile Assistant allows attackers to execute arbitrary SQL commands on the database. It affects all Mobi...

This SQL injection vulnerability in Eskom Water Metering Software allows attackers to execute arbitrary SQL commands, potentially leading to command l...

Purchase Order Management v1.0 contains a SQL injection vulnerability in the admin login page that allows attackers to execute arbitrary SQL commands ...

Auto Dealer Management System v1.0 contains a SQL injection vulnerability that allows attackers to execute arbitrary SQL commands through user input. ...

AM Presencia v3.7.3 contains a SQL injection vulnerability in the login form's user parameter, allowing attackers to execute arbitrary SQL commands. T...

CVE-2023-29598 is a SQL injection vulnerability in lmxcms v1.4.1 that allows attackers to execute arbitrary SQL commands via the setbook parameter at ...

This CVE describes a SQL injection vulnerability in osTicket-plugins that allows attackers to execute arbitrary SQL commands via the order parameter i...

A SQL injection vulnerability in Mybatis Plus versions below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands by manipulating tenant ...

CVE-2020-20913 is a critical SQL injection vulnerability in Ming-Soft MCMS v4.7.2 that allows remote attackers to execute arbitrary SQL commands via t...

This is a critical SQL injection vulnerability in PublicCMS v4.0 that allows remote attackers to execute arbitrary SQL commands via the sql parameter ...

This SQL injection vulnerability in Yii Framework 2 allows remote attackers to execute arbitrary SQL commands through the runAction function, potentia...

BluePage CMS through version 3.9 has a SQL injection vulnerability in the 'users-cookie-settings' token due to insufficient sanitization of HTTP Cooki...

This SQL injection vulnerability in Akbim Computer Panon allows attackers to execute arbitrary SQL commands on the database. It affects all Panon inst...

This CVE describes a critical SQL injection vulnerability in the PrestaShop FAQs module v3.1.6, allowing remote attackers to execute arbitrary SQL com...

CVE-2022-36976 is a critical SQL injection vulnerability in Ivanti Avalanche that allows remote attackers to bypass authentication. The flaw exists in...

CVE-2022-36972 is a critical SQL injection vulnerability in Ivanti Avalanche that allows remote attackers to bypass authentication. The flaw exists in...

This SQL injection vulnerability in PrestaShop's xipblog module allows remote attackers to execute arbitrary SQL commands through the xipcategoryclass...

CVE-2023-26959 is a critical SQL injection vulnerability in Phpgurukul Park Ticketing Management System 1.0 that allows attackers to bypass authentica...

CVE-2023-28437 is a SQL injection vulnerability in Dataease open source data visualization tool caused by incomplete SQL injection blacklist protectio...

This SQL injection vulnerability in PrestaShop's smplredirectionsmanager module allows remote attackers to execute arbitrary SQL commands. Attackers c...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the Gift Cards plugin version 4.3.1 or ...

This CVE describes a SQL injection vulnerability in the tshirtecommerce (Custom Product Designer) component for PrestaShop. Attackers can forge HTTP r...

CVE-2023-27569 is a critical SQL injection vulnerability in the eo_tags module for PrestaShop that allows attackers to execute arbitrary SQL commands ...

This SQL injection vulnerability in Pacsrapor allows attackers to execute arbitrary SQL commands, potentially leading to command line execution. It af...

CVE-2023-26905 is a critical SQL injection vulnerability in Alphaware - Simple E-Commerce System v1.0 that allows attackers to execute arbitrary SQL c...

School Registration and Fee System v1.0 contains a SQL injection vulnerability in the id parameter at /bilal final/edit_user.php, allowing attackers t...

Online Book Store Project v1.0 contains a SQL injection vulnerability in the /bookstore/bookPerPub.php endpoint that allows attackers to execute arbit...

Art Gallery Management System v1.0 contains a SQL injection vulnerability in the viewid parameter on the enquiry page. This allows attackers to execut...

This vulnerability allows attackers to execute arbitrary SQL commands via the emailid parameter in the login page of BP Monitoring Management System v...

CVE-2023-25207 is a SQL injection vulnerability in the DPD France module for PrestaShop that allows attackers to execute arbitrary SQL commands via th...

This SQL injection vulnerability in Saysis Starcities allows attackers to execute arbitrary SQL commands through the application. It affects all Starc...