CWE-89: SQL Injection

This vulnerability allows unauthenticated attackers to perform SQL injection attacks against WordPress sites using vulnerable versions of the TI WooCo...

This vulnerability allows attackers to execute arbitrary SQL commands via the id parameter in the /admin/doctors/view_doctor.php endpoint of Hospital ...

This SQL injection vulnerability in the WP Statistics WordPress plugin allows unauthenticated attackers to execute arbitrary SQL queries. Attackers ca...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites running the WP Statistics plugin. Attackers ca...

This CVE describes a SQL injection vulnerability in Tongda2000 v11.10's delete.php file via the DELETE_STR parameter, allowing attackers to execute ar...

This CVE describes a SQL injection vulnerability in Tongda2000 v11.10's delete_query.php file via the DELETE_STR parameter. Attackers can execute arbi...

An unauthenticated SQL injection vulnerability in RosarioSIS allows attackers to execute arbitrary SQL commands via the votes parameter in PortalPolls...

CVE-2021-44610 allows attackers to execute arbitrary SQL commands via multiple parameters in bloofoxCMS admin interface. This affects all bloofoxCMS i...

Online Shopping Portal v3.1 contains time-based SQL injection vulnerabilities in the email and contactno parameters, allowing attackers to execute arb...

ZEROF Web Server 2.0 contains a SQL injection vulnerability in the /HandleEvent endpoint that allows attackers to execute arbitrary SQL commands. This...

CVE-2021-44868 is a SQL injection vulnerability in ming-soft MCMS v5.1 that allows attackers to execute arbitrary SQL commands through the /ms/cms/con...

Jeecg-boot v3.0 contains a SQL injection vulnerability in the /jeecg-boot/sys/user/queryUserByDepId endpoint via the code parameter. This allows attac...

CVE-2021-3242 is a SQL injection vulnerability in DuxCMS v3.1.3 that allows attackers to execute arbitrary SQL commands via the s/tools/SendTpl/index?...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites running the WP Statistics plugin with 'Record ...

S-CMS v5.0 contains a SQL injection vulnerability in the member_pay.php file through the O_id parameter. This allows attackers to execute arbitrary SQ...

This CVE describes a SQL injection vulnerability in Tongda2000 v11.10's export_data.php file via the d_name parameter. Attackers can execute arbitrary...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites running vulnerable versions of the Paid Member...

CVE-2022-24219 is a SQL injection vulnerability in eliteCMS v1.0 that allows attackers to execute arbitrary SQL commands via the /admin/edit_page.php ...

CVE-2022-24221 is a SQL injection vulnerability in eliteCMS v1.0 that allows attackers to execute arbitrary SQL commands via the /admin/functions/func...

AtomCMS v2.0 contains a SQL injection vulnerability in the admin login page that allows attackers to execute arbitrary SQL commands. This affects all ...

This CVE describes a SQL injection vulnerability in Simple Client Management System 1.0 that allows attackers to execute arbitrary SQL commands via th...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites running the Perfect Survey plugin before versi...

CVE-2022-24263 is a SQL injection vulnerability in Hospital Management System v4.0 that allows attackers to execute arbitrary SQL commands via the ema...

CVE-2021-46444 is a SQL injection vulnerability in H.H.G Multistore's admin interface that allows attackers to execute arbitrary SQL commands. This af...

CVE-2021-46446 is a SQL injection vulnerability in H.H.G Multistore's admin interface that allows attackers to execute arbitrary SQL commands. This af...

This vulnerability allows attackers to execute arbitrary SQL commands via the customers.php admin endpoint in H.H.G Multistore. Attackers can potentia...

This is a critical SQL injection vulnerability in SelectSurvey.NET that allows unauthenticated remote attackers to extract sensitive data from the bac...

CVE-2022-22294 is a critical SQL injection vulnerability in ZFAKA e-commerce software that allows unauthenticated attackers to execute arbitrary SQL c...

This SQL injection vulnerability in Sourcecodester Mobile Shop System 1.0 allows attackers to execute arbitrary SQL commands via the email parameter i...

Online Motorcycle Rental System 1.0 has a blind time-based SQL injection vulnerability in its login portal that allows attackers to extract database c...

CVE-2021-46377 is a SQL injection vulnerability in CSZCMS 1.2.9 that allows attackers to execute arbitrary SQL commands through the Member.php control...

CVE-2022-0362 is a critical SQL injection vulnerability in showdoc documentation software that allows attackers to execute arbitrary SQL commands. Thi...

This SQL injection vulnerability in Moodle's H5P activity web service allows attackers to execute arbitrary SQL commands. It affects Moodle installati...

CVE-2021-46089 is a critical SQL injection vulnerability in JeecgBoot 3.0 that allows attackers to execute arbitrary SQL commands with root database p...

CVE-2021-45802 is a critical SQL injection vulnerability in MartDevelopers iResturant 1.0 that allows attackers to execute arbitrary SQL commands thro...

This CVE describes an unauthenticated SQL injection vulnerability in Projectworlds online-shopping-webvsite-in-php version 1.0. Attackers can exploit ...

Online Banking System v1.0 contains a SQL injection vulnerability in index.php that allows attackers to execute arbitrary SQL commands. This affects a...

CVE-2022-23365 is a critical SQL injection vulnerability in HMS v1.0's doctorlogin.php that allows attackers to execute arbitrary SQL commands. This a...

This SQL injection vulnerability in the Online Leave Management System allows attackers to execute arbitrary SQL commands via the username parameter i...

This SQL injection vulnerability in the Budget and Expense Tracker System allows attackers to execute arbitrary SQL commands through the username fiel...

This SQL injection vulnerability in Sourcecodester Online Railway Reservation System 1.0 allows attackers to execute arbitrary SQL commands via the 's...

This SQL injection vulnerability in Simple Music Cloud Community System 1.0 allows attackers to execute arbitrary SQL commands via the email parameter...

This SQL injection vulnerability in Projectworlds Online Examination System 1.0 allows attackers to execute arbitrary SQL commands via the eid paramet...

This CVE describes a critical SQL injection vulnerability in the Computer and Mobile Repair Shop Management System (RSMS) 1.0. Attackers can exploit t...

This SQL injection vulnerability in Sourcecodester Online Reviewer System 1.0 allows attackers to execute arbitrary SQL commands via the password para...

CVE-2021-44244 is an SQL injection vulnerability in the login.php file of Sourcecodester Logistic Hub Parcel's Management System 1.0. Attackers can in...

Taocms v3.0.2 contains both an arbitrary file read vulnerability via the path parameter and an SQL injection vulnerability in Article.php. This allows...

CVE-2022-23305 is an SQL injection vulnerability in Log4j 1.2.x's JDBCAppender that allows attackers to execute arbitrary SQL queries by injecting mal...

CVE-2022-22055 is a critical SQL injection vulnerability in the Le-yan dental management system login page. Unauthenticated attackers can execute arbi...

CVE-2020-28102 is a critical SQL injection vulnerability in cscms v4.1 that allows attackers to execute arbitrary SQL commands via the 'js_del' functi...