CWE-89: SQL Injection
The product constructs all or part of an SQL command using externally-influenced input, but does not neutralize special elements that could modify the intended SQL command.
All SQL Injection CVEs (4,444)
This SQL injection vulnerability in the Captivate Sync WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects...
Dec 24, 2025
This SQL injection vulnerability in the BeRocket Brands for WooCommerce plugin allows attackers to execute arbitrary SQL commands on affected WordPres...
Dec 24, 2025
This CVE describes a blind SQL injection vulnerability in the User Feedback Lite WordPress plugin. Attackers can inject malicious SQL commands through...
Dec 24, 2025
This SQL injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x allows attackers to bypass authentication by injecting malicious SQL cod...
Dec 22, 2025
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to execute arbitrary SQL comma...
Dec 17, 2025
This SQL injection vulnerability in QNAP operating systems allows remote attackers to execute arbitrary SQL commands. If exploited, attackers could ex...
Dec 16, 2025
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to execute arbitrary SQL queries. T...
Dec 15, 2025
This SQL injection vulnerability in the URL Shortener Plugin For WordPress allows unauthenticated attackers to execute arbitrary SQL queries through t...
Dec 13, 2025
CVE-2024-58308 is a critical SQL injection vulnerability in Quick.CMS 6.7 that allows unauthenticated attackers to bypass login authentication and gai...
Dec 11, 2025
CVE-2024-58309 is an unauthenticated SQL injection vulnerability in xbtitFM 4.1.18 that allows remote attackers to execute arbitrary SQL commands. Att...
Dec 11, 2025
This SQL injection vulnerability in Xinhu Rainrock RockOA allows attackers to execute arbitrary SQL commands through the shouji and userid parameters....
Dec 9, 2025
This SQL injection vulnerability in LambertGroup Accordion Slider PRO WordPress plugin allows attackers to execute arbitrary SQL commands against the ...
Dec 9, 2025
This SQL injection vulnerability in the Ninja Tables WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects a...
Dec 9, 2025
This SQL injection vulnerability in the WordPress Media Library Tools plugin allows attackers to execute arbitrary SQL commands on the database. All W...
Dec 9, 2025
This SQL injection vulnerability in the Agile Logix Store Locator WordPress plugin allows attackers to execute arbitrary SQL commands on the database....
Dec 9, 2025
This SQL injection vulnerability in the ArtPlacer Widget WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affec...
Dec 9, 2025
This SQL injection vulnerability in Talent Software UNIS allows attackers to execute arbitrary SQL commands through unvalidated user input. It affects...
Dec 9, 2025
This SQL injection vulnerability allows attackers to execute arbitrary SQL commands through the appointmentID parameter in the Patients Waiting Area Q...
Dec 8, 2025
Online Medicine Guide 1.0 contains a SQL injection vulnerability in the login.php page's upass parameter. This allows attackers to execute arbitrary S...
Dec 2, 2025
This SQL injection vulnerability in the asyncmy Python library allows attackers to execute arbitrary SQL commands by manipulating dictionary keys in q...
Dec 2, 2025
CVE-2025-65358 is a SQL injection vulnerability in Edoc Doctor Appointment System v1.0.1 that allows attackers to execute arbitrary SQL commands via t...
Dec 2, 2025
This SQL injection vulnerability in TCMAN GIM v11 allows attackers to manipulate database queries through the 'idmant' parameter in GET requests to '/...
Dec 2, 2025
An unauthenticated blind SQL injection vulnerability in mJobtime v15.7.2 allows attackers to execute arbitrary SQL statements via crafted POST request...
Dec 1, 2025
This SQL injection vulnerability in OpenCode Systems USSD Gateway allows attackers to execute arbitrary SQL commands via the Session ID parameter in t...
Nov 26, 2025
This SQL injection vulnerability in OpenCode Systems USSD Gateway allows attackers to execute arbitrary SQL commands via the ID parameter in the getSu...
Nov 26, 2025
Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. Attackers can exploit...
Nov 20, 2025
This SQL injection vulnerability in Eksagate's Webpack Management System allows attackers to execute arbitrary SQL commands through unvalidated user i...
Nov 19, 2025
DzzOffice v2.3.7 and earlier contains a SQL injection vulnerability in the explorer/groupmanage component that allows attackers to execute arbitrary S...
Nov 18, 2025
A critical SQL injection vulnerability in WinPlus v24.11.27 allows attackers to execute arbitrary SQL commands via specially crafted POST requests. Th...
Nov 18, 2025
PHPGurukul Online Shopping Portal 2.0 contains a SQL injection vulnerability in the forgot-password.php page's email parameter. This allows attackers ...
Nov 17, 2025
This SQL injection vulnerability in WellSky Harmony's login functionality allows attackers to bypass authentication, access sensitive data, or comprom...
Nov 12, 2025
A SQL injection vulnerability in CentralSquare Community Development 19.5.7 allows attackers to execute arbitrary SQL commands through the permit_no f...
Nov 12, 2025
CVE-2025-8324 is an unauthenticated SQL injection vulnerability in Zohocorp ManageEngine Analytics Plus that allows attackers to execute arbitrary SQL...
Nov 11, 2025
An SQL injection vulnerability in QuMagie allows remote attackers to execute arbitrary SQL commands. This affects all QuMagie installations before ver...
Nov 7, 2025
This vulnerability allows remote attackers to bypass authentication and execute SQL injection attacks on Advantech iView systems. Attackers can exfilt...
Nov 6, 2025
This vulnerability allows remote attackers to bypass authentication and execute SQL injection via the SNMP management tool in Advantech iView, leading...
Nov 6, 2025
This is a critical SQL injection vulnerability in SuiteCRM's export functionality that allows unauthenticated remote attackers to execute arbitrary SQ...
Nov 6, 2025
This SQL injection vulnerability in the HieCOR Payment Gateway Plugin for WordPress allows attackers to execute arbitrary SQL commands on the database...
Nov 6, 2025
This SQL injection vulnerability in the HiStudy WordPress theme allows attackers to execute arbitrary SQL commands through the theme's components. It ...
Nov 6, 2025
An unauthenticated SQL injection vulnerability in Geutebruck G-Cam E-Series cameras allows attackers to execute arbitrary SQL commands via the Group p...
Nov 3, 2025
Car-Booking-System-PHP v1.0 contains a SQL injection vulnerability in the sign-in page that allows attackers to execute arbitrary SQL commands. This a...
Nov 3, 2025
Car-Booking-System-PHP v1.0 contains a SQL injection vulnerability in the contact.php endpoint that allows attackers to execute arbitrary SQL commands...
Nov 3, 2025
This SQL injection vulnerability in Abis Technology BAPSIS allows attackers to execute arbitrary SQL commands through the application, potentially acc...
Oct 31, 2025
This SQL injection vulnerability in Nagios XI's legacy Core Configuration Manager allows authenticated users to manipulate database queries. Attackers...
Oct 30, 2025
CVE-2025-63622 is a critical SQL injection vulnerability in code-projects Online Complaint Site 1.0 that allows attackers to execute arbitrary SQL com...
Oct 29, 2025
This SQL injection vulnerability in Aksis Technology Netty ERP allows attackers to execute arbitrary SQL commands by injecting malicious input. All or...
Oct 24, 2025
CVE-2025-61455 is a critical SQL injection vulnerability in Bhabishya-123 E-commerce 1.0 that allows unauthenticated attackers to bypass authenticatio...
Oct 20, 2025
This SQL injection vulnerability in Sergestec's Exito v8.0 allows attackers to manipulate database queries through the 'cat' parameter in '/public.php...
Oct 16, 2025
This SQL injection vulnerability in Winsure software allows attackers to execute arbitrary SQL commands through blind injection techniques. All users ...
Oct 14, 2025
This SQL injection vulnerability in the Aykome License Tracking System allows attackers to execute arbitrary SQL commands on the database. It affects ...
Oct 13, 2025
About SQL Injection (CWE-89)
Our database tracks 4,444 CVEs classified as CWE-89, with 1,899 rated critical and 1,894 rated high severity. The average CVSS score for SQL Injection vulnerabilities is 8.4.