CWE-89: SQL Injection

This vulnerability allows attackers to execute arbitrary SQL commands through the 'WP Search Filters' widget in The Plus Addons for Elementor Pro Word...

CVE-2021-45334 is a critical SQL injection vulnerability in Sourcecodester Online Thesis Archiving System 1.0 that allows unauthenticated attackers to...

CVE-2021-45814 is a critical SQL injection vulnerability in Nettmp NNT 5.1 that allows attackers to bypass authentication and gain administrative acce...

CVE-2021-43155 is a critical SQL injection vulnerability in Projectsworlds Online Book Store PHP v1.0 that allows attackers to execute arbitrary SQL c...

CVE-2021-43157 is a critical SQL injection vulnerability in Projectsworlds Online Shopping System PHP 1.0 that allows attackers to execute arbitrary S...

CVE-2021-43628 is a critical SQL injection vulnerability in Projectworlds Hospital Management System v1.0 that allows attackers to execute arbitrary S...

This vulnerability allows attackers to execute arbitrary SQL commands through the appointment_no parameter in payment.php. It affects Hospital Managem...

CVE-2021-45252 is a critical SQL injection vulnerability in Simple Forum-Discussion System 1.0 that allows attackers to execute arbitrary SQL commands...

This CVE describes a critical SQL injection vulnerability in Video Sharing Website 1.0's ajax.php email parameter. Attackers can execute arbitrary SQL...

CVE-2021-24849 is a critical SQL injection vulnerability in the WCFM Marketplace WordPress plugin that allows attackers to execute arbitrary SQL comma...

This SQL injection vulnerability in ThinkPHP5 allows attackers to execute arbitrary SQL commands through the parseOrder function. It affects all Think...

CVE-2021-44653 is a SQL injection vulnerability in Online Magazine Management System 1.0 that allows authentication bypass in the admin panel login fo...

This SQL injection vulnerability in ZZCMS 2021 allows attackers to execute arbitrary SQL commands through the askbigclassid parameter in /admin/ask.ph...

This vulnerability allows attackers to execute SQL injection attacks on SAP Commerce systems configured with Oracle databases when using parameterized...

This vulnerability allows attackers to bypass authentication in PHPGURUKUL Employee Record Management System 1.2 via SQL injection in index.php. Attac...

This vulnerability allows attackers to perform SQL injection attacks by manipulating the User-Agent header in requests to WordPress sites using the St...

This is an unauthenticated SQL injection vulnerability in the Modern Events Calendar Lite WordPress plugin. Attackers can exploit it by sending specia...

CVE-2021-43608 is a SQL injection vulnerability in Doctrine DBAL where offset and length parameters in LIMIT clauses aren't properly cast to integers....

CVE-2021-3817 is an SQL injection vulnerability in WBCE CMS that allows attackers to execute arbitrary SQL commands. This can lead to authentication b...

An unauthenticated SQL injection vulnerability in Aanderaa GeoView Webservice allows attackers to execute arbitrary SQL commands on the database. This...

A critical SQL injection vulnerability in Esri ArcGIS Server feature services allows remote unauthenticated attackers to execute arbitrary SQL command...

CVE-2021-31632 is a critical SQL injection vulnerability in b2evolution CMS v7.2.3 that allows attackers to execute arbitrary SQL commands via the cfq...

This SQL injection vulnerability in the WP Data Access WordPress plugin allows attackers to delete arbitrary database tables by exploiting unsanitized...

This vulnerability allows attackers to execute arbitrary SQL commands on WordPress sites running the Secure Copy Content Protection and Content Lockin...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites running vulnerable versions of the Registrati...

Two unauthenticated SQL injection vulnerabilities in Kaseya Unitrends Backup Appliance allow attackers to execute arbitrary SQL queries as the postgre...

CVE-2021-35414 is an unauthenticated SQL injection vulnerability in Chamilo LMS v1.11.x that allows attackers to execute arbitrary SQL commands via th...

This CVE describes a SQL injection vulnerability in TuziCMS v2.0.6 that allows attackers to execute arbitrary SQL commands via the 'id' parameter in t...

This CVE describes a SQL injection vulnerability in TuziCMS v2.0.6 that allows attackers to execute arbitrary SQL commands through the guestbook contr...

CVE-2021-43679 is a critical SQL injection vulnerability in ECShop v2.7.3's API client component that allows attackers to execute arbitrary SQL comman...

This CVE describes a SQL injection vulnerability in PHPGURUKUL Employee Record Management System 1.2. Attackers can inject malicious SQL commands via ...

CVE-2021-44280 is a critical SQL injection vulnerability in Attendance Management System 1.0 that allows attackers to execute arbitrary SQL commands t...

A SQL injection vulnerability in openSIS version 8.0 allows attackers to execute arbitrary SQL commands through the staff[TITLE] parameter in Staff.ph...

A SQL injection vulnerability in openSIS version 8.0 allows attackers to execute arbitrary SQL commands through the Grade parameter. This affects all ...

An unauthenticated SQL injection vulnerability in Rosario Student Information System (rosariosis) allows remote attackers to execute arbitrary Postgre...

This vulnerability in the Contest Gallery WordPress plugin allows unauthenticated attackers to perform SQL injection attacks and retrieve all register...

This SQL injection vulnerability in Roundcube webmail allows attackers to execute arbitrary SQL commands via search or search_params parameters. It af...

CVE-2021-41931 is a SQL injection vulnerability in a Recruitment Management System that allows attackers to execute arbitrary SQL commands through the...

CVE-2021-3958 is a blind SQL injection vulnerability in Ipack Automation Systems SCADA software that allows attackers to execute arbitrary SQL command...

This SQL injection vulnerability in ResourceSpace allows unauthenticated attackers to execute arbitrary SQL commands, potentially exposing the entire ...

CVE-2021-42580 is a critical vulnerability in Sourcecodester Online Learning System 2.0 that combines SQL injection authentication bypass with authent...

CVE-2021-41081 is a critical SQL injection vulnerability in Zoho ManageEngine Network Configuration Manager that allows attackers to execute arbitrary...

CVE-2021-24827 is an unauthenticated SQL injection vulnerability in the Asgaros Forum WordPress plugin. Attackers can exploit this to execute arbitrar...

This SQL injection vulnerability in the Registration Forms WordPress plugin allows attackers to execute arbitrary SQL commands via the wp-json/pie/v1/...

CVE-2021-34684 is a critical SQL injection vulnerability in Hitachi Vantara Pentaho Business Analytics that allows unauthenticated attackers to execut...

CVE-2021-42077 is a SQL injection vulnerability in PHP Event Calendar that allows attackers to execute arbitrary SQL commands through the username par...

This vulnerability allows attackers to execute arbitrary SQL commands through the pjActionLoadForm function in Stivasoft's Phpjabbers Fundraising Scri...

CVE-2020-22223 is a SQL injection vulnerability in Stivasoft's Phpjabbers Fundraising Script v1.0 that allows attackers to execute arbitrary SQL comma...

CVE-2021-42667 is a critical SQL injection vulnerability in Sourcecodester's Online Event Booking and Reservation System in PHP. It allows attackers t...

CVE-2021-42665 is an SQL injection vulnerability in the Engineers Online Portal PHP application that allows attackers to bypass authentication via the...