CWE-89: SQL Injection

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the Dokan plugin. Attackers can potenti...

CVE-2022-44151 is a critical SQL injection vulnerability in Simple Inventory Management System v1.0's login.php endpoint that allows attackers to exec...

This is an unauthenticated SQL injection vulnerability in SonicWall GMS and Analytics On-Prem products. Attackers can execute arbitrary SQL commands w...

Fruits Bazar v1.0 contains a SQL injection vulnerability in the password recovery function via the recover_email parameter. This allows attackers to e...

Orange Station 1.0 contains a SQL injection vulnerability in the username parameter that allows attackers to execute arbitrary SQL commands. This affe...

This is a critical SQL injection vulnerability in Digiwin BPM software that allows unauthenticated remote attackers to execute arbitrary SQL commands....

Barangay Management System v1.0 contains a SQL injection vulnerability in the hidden_id parameter at /officials/officials.php. This allows attackers t...

CVE-2022-27434 is a SQL injection vulnerability in UNIT4 TETA Mobile Edition that allows attackers to execute arbitrary SQL commands via the ProfileNa...

Electronic Mall System 1.0_build20200203 contains a SQL injection vulnerability (CWE-89) that allows attackers to execute arbitrary SQL commands throu...

This CVE describes a SQL injection vulnerability in the lux extension for TYPO3 CMS. Attackers can execute arbitrary SQL commands through the extensio...

CVE-2022-29600 is a SQL injection vulnerability in the oelib extension for TYPO3 CMS. It allows attackers to execute arbitrary SQL commands through cr...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WooCommerce websites using the Pricing Deals plugin. Attacker...

This vulnerability allows remote attackers to execute SQL injection attacks against HPE IceWall SSO 10.0 certd component, potentially leading to unaut...

Online Accreditation Management System v1.0 contains a SQL injection vulnerability in the USERNAME parameter at process.php. This allows attackers to ...

CVE-2022-31056 is a critical SQL injection vulnerability in GLPI's assistance forms (Ticket/Change/Problem) that allows attackers to execute arbitrary...

CVE-2022-34132 is a SQL injection vulnerability in Benjamin BALET Jorani v1.0 that allows attackers to execute arbitrary SQL commands via the id param...

CVE-2022-31361 is a SQL injection vulnerability in Docebo Community Edition v4.0.5 and below that allows attackers to execute arbitrary SQL commands. ...

CVE-2022-31787 is a critical SQL injection vulnerability in IdeaTMS 2022 that allows attackers to execute arbitrary SQL commands via the PATH_INFO par...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the Events Made Easy plugin. Attackers ...

CVE-2022-31941 is a critical SQL injection vulnerability in Rescue Dispatch Management System v1.0 that allows attackers to execute arbitrary SQL comm...

Online Ordering System v2.3.2 contains a SQL injection vulnerability in the category search parameter. Attackers can execute arbitrary SQL commands th...

Online Ordering System v2.3.2 contains a SQL injection vulnerability in the inventory management interface that allows attackers to execute arbitrary ...

CVE-2022-31296 is a blind SQL injection vulnerability in Online Discussion Forum Site 1's view_post.php component that allows attackers to execute arb...

This vulnerability allows attackers to execute arbitrary SQL commands through the VoIPmonitor WEB GUI's api.php file via the 'user' parameter. It affe...

This vulnerability allows attackers to execute arbitrary SQL commands through the UserName parameter in NOKIA VitalSuite SPM 2020. Successful exploita...

Directory Management System v1.0 contains a SQL injection vulnerability in the search-dirctory.php file via the searchdata parameter. This allows atta...

Directory Management System v1.0 contains a SQL injection vulnerability in the fullname parameter of add-directory.php. This allows attackers to execu...

CVE-2022-32301 is a critical SQL injection vulnerability in YoudianCMS v9.5.0 that allows attackers to execute arbitrary SQL commands via the IdList p...

CVE-2022-32101 is a SQL injection vulnerability in kkcms v1.3.7 that allows attackers to execute arbitrary SQL commands via the cid parameter in /temp...

This SQL injection vulnerability in IBM Financial Transaction Manager for Digital Payments allows remote attackers to execute arbitrary SQL commands. ...

Fast Food Ordering System v1.0 contains a SQL injection vulnerability in the admin menu viewing functionality. Attackers can exploit this by manipulat...

Church Management System version 1.0 has a critical SQL injection vulnerability that allows attackers to upload PHP files disguised as avatar images. ...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the KiviCare plugin. It affects all Wor...

CVE-2021-41756 is a SQL injection vulnerability in dynamicMarkt marketplace software that allows attackers to execute arbitrary SQL commands through t...

CVE-2021-41754 is a SQL injection vulnerability in dynamicMarkt software that allows attackers to execute arbitrary SQL commands through the parent pa...

This vulnerability allows attackers to execute arbitrary SQL commands via the ClassID parameter in IdeaLMS 2022's chat room access control endpoint. I...

Simple Task Scheduling System 1.0 contains an unauthenticated SQL injection vulnerability in the 'id' parameter when using MySQL. Attackers can execut...

This SQL injection vulnerability in IBM InfoSphere Information Server 11.7 allows remote attackers to execute arbitrary SQL commands against the back-...

BrowsBox CMS v4.0 contains a SQL injection vulnerability that allows attackers to execute arbitrary SQL commands through user input. This affects all ...

Badminton Center Management System v1.0 contains a SQL injection vulnerability in the admin panel's user management page. Attackers can exploit this t...

Badminton Center Management System v1.0 contains a SQL injection vulnerability in the delete_court function that allows attackers to execute arbitrary...

Badminton Center Management System v1.0 contains a SQL injection vulnerability in the delete_service function that allows attackers to execute arbitra...

Badminton Center Management System v1.0 contains a SQL injection vulnerability in the admin panel's court management module. Attackers can exploit thi...

Rescue Dispatch Management System v1.0 contains a SQL injection vulnerability in the delete_respondent_type function that allows attackers to execute ...

Rescue Dispatch Management System v1.0 contains a SQL injection vulnerability in the incident report viewer that allows attackers to execute arbitrary...

Rescue Dispatch Management System v1.0 contains a SQL injection vulnerability in the admin teams view page that allows attackers to execute arbitrary ...

CVE-2022-31961 is a critical SQL injection vulnerability in Rescue Dispatch Management System v1.0 that allows attackers to execute arbitrary SQL comm...

CVE-2022-31964 is a critical SQL injection vulnerability in Rescue Dispatch Management System v1.0 that allows attackers to execute arbitrary SQL comm...

ChatBot App with Suggestion v1.0 contains a SQL injection vulnerability in the user management admin panel. Attackers can exploit this by manipulating...

Online Fire Reporting System v1.0 contains a SQL injection vulnerability in the delete_request function that allows attackers to execute arbitrary SQL...