CWE-89: SQL Injection

CVE-2022-23797 is a critical SQL injection vulnerability in Joomla! CMS that allows attackers to execute arbitrary SQL commands through inadequate fil...

This SQL injection vulnerability in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter in takeconfirm.ph...

Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in HandlerECC.ashx that allows attackers to execut...

Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in the HandlerExport.ashx/Calendar endpoint. This ...

Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in DIAE_loopmapHandler.ashx that allows attacker...

Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in HandlerDialog_KID.ashx. This allows attackers...

Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in HandlerCommon.ashx that allows attackers to exe...

Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in the GetQueryData function. This allows attack...

Delta Electronics DIAEnergie versions before 1.8.02.004 contain a blind SQL injection vulnerability in HandlerPage_KID.ashx. This allows attackers to ...

Delta Electronics DIAEnergie versions prior to 1.8.02.004 contain a blind SQL injection vulnerability in the DIAE_eccoefficientHandler.ashx endpoint. ...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the Title Experiments Free plugin. Atta...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks against WordPress sites running the SpeakOut! Email Petitions plu...

This SQL injection vulnerability in the Block Bad Bots WordPress plugin allows attackers to execute arbitrary SQL commands by manipulating the User-Ag...

This vulnerability in the Popup Builder WordPress plugin allows SQL injection and reflected XSS attacks. Attackers can exploit it by sending malicious...

CVE-2022-23882 is a SQL injection vulnerability in TuziCMS 2.0.6 that allows attackers to execute arbitrary SQL commands through the BannerController ...

This CVE describes a SQL injection vulnerability in the Ramo plugin for GLPI 9.4.6 that allows attackers to execute arbitrary SQL commands via the idu...

CVE-2022-26268 is a SQL injection vulnerability in Xiaohuanxiong v1.0 that allows attackers to execute arbitrary SQL commands via the id parameter in ...

CVE-2021-26599 is a SQL injection vulnerability in ImpressCMS's include/findusers.php groups parameter. Attackers can execute arbitrary SQL commands t...

This SQL injection vulnerability in Dreamer CMS 4.0.0 allows attackers to execute arbitrary SQL commands via the tableName parameter. This can lead to...

CVE-2021-43700 is a SQL injection vulnerability in ApiManager 1.1 that allows attackers to execute arbitrary SQL commands through the /index.php?act=a...

Money Transfer Management System Version 1.0 contains unauthenticated SQL injection vulnerabilities in two administrative endpoints. Attackers can exe...

CVE-2021-43735 is a SQL injection vulnerability in CmsWing CMS that allows attackers to execute arbitrary SQL commands through the 'behavior rule' par...

CVE-2022-25517 is a SQL injection vulnerability in MyBatis Plus v3.4.3 that allows attackers to execute arbitrary SQL commands through the Column para...

CVE-2021-43650 is a SQL injection vulnerability in WebRun 3.6.0.42 that allows attackers to manipulate database queries via the P_0 parameter during l...

Simple Subscription Website v1.0 contains a SQL injection vulnerability in the view_plan endpoint's id parameter. Attackers can exploit this to extrac...

Simple Subscription Website v1.0 contains a SQL injection vulnerability in the apply endpoint's id parameter that allows attackers to execute arbitrar...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites using the Advanced Booking Calendar plugin bef...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the Infographic Maker plugin before ver...

CVE-2022-25505 is a critical SQL injection vulnerability in Taocms v3.0.2 that allows attackers to execute arbitrary SQL commands via the id parameter...

CVE-2022-25490 is a SQL injection vulnerability in HMS v1.0 that allows attackers to execute arbitrary SQL commands via the editid parameter in depart...

CVE-2022-25492 is a critical SQL injection vulnerability in HMS v1.0 that allows attackers to execute arbitrary SQL commands via the medicineid parame...

Online Banking System v1.0 contains a SQL injection vulnerability in the staff_login.php page that allows attackers to execute arbitrary SQL commands....

SyliusGridBundle versions before 1.10.1 and 1.11-rc2 have a SQL injection vulnerability where user-controlled sorting parameters are passed directly t...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites running vulnerable versions of the CommonsBoo...

This vulnerability allows attackers to execute arbitrary SQL commands on WordPress sites using the MOLIE plugin. It affects all WordPress installation...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the Photo Gallery by 10Web plugin. Atta...

This vulnerability allows attackers to perform SQL injection attacks on WordPress sites using the Zero Spam plugin before version 5.2.11. Attackers ca...

CVE-2022-24606 is a SQL injection vulnerability in Luocms v2.0 that allows attackers to execute arbitrary SQL commands through the /admin/news/sort_ok...

CVE-2022-24602 is a SQL injection vulnerability in Luocms v2.0's news_mod.php admin endpoint that allows attackers to execute arbitrary SQL commands. ...

CVE-2022-24604 is a SQL injection vulnerability in Luocms v2.0 that allows attackers to execute arbitrary SQL commands via the /admin/link/link_mod.ph...

CVE-2022-24600 is a critical SQL injection vulnerability in Luocms v2.0's admin login page that allows attackers to bypass authentication and gain adm...

This vulnerability allows unauthenticated attackers to perform blind SQL injection attacks on WordPress sites running NotificationX plugin versions be...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks against WordPress sites using the Page View Count plugin. Attacke...

CVE-2022-26201 is a SQL injection vulnerability in Victor CMS v1.0 that allows attackers to execute arbitrary SQL commands through unsanitized user in...

MCMS v5.2.5 contains a SQL injection vulnerability in the categoryId parameter that allows attackers to execute arbitrary SQL commands. This affects a...

MCMS v5.2.4 contains a SQL injection vulnerability in the search.do endpoint at /mdiy/dict/listExcludeApp. This allows attackers to execute arbitrary ...

This vulnerability allows attackers to execute arbitrary SQL commands via the cid parameter in the customer-add.php file of Medical Store Management S...

This CVE describes a SQL injection vulnerability in Cosmetics and Beauty Product Online Store v1.0 through the search parameter. Attackers can execute...

Simple Real Estate Portal System v1.0 contains a SQL injection vulnerability in the id parameter that allows attackers to execute arbitrary SQL comman...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks against WordPress sites using vulnerable versions of the TI WooCo...