CWE-89: SQL Injection

CVE-2021-43140 is a critical SQL injection vulnerability in Simple Subscription Website 1.0 that allows attackers to execute arbitrary SQL commands th...

This SQL injection vulnerability in eyoucms v1.4.7 allows attackers to execute arbitrary SQL commands via the tid parameter in index.php. Attackers ca...

This CVE describes a critical SQL injection vulnerability in the Sourcecodester Customer Relationship Management System (CRM) version 1.0. Attackers c...

This SQL injection vulnerability in 188Jianzhan v2.1.0 allows attackers to execute arbitrary SQL commands via the username parameter in login.php. Att...

This SQL injection vulnerability in millken doyocms 2.3 allows attackers to execute arbitrary SQL commands via the attribute parameter in pay.php. Att...

CVE-2021-41676 is an SQL injection vulnerability in the Pharmacy Point of Sale System 1.0 that allows attackers to execute arbitrary SQL commands thro...

CVE-2020-21250 is an arbitrary file upload vulnerability in CSZ CMS v1.2.4 that allows attackers to upload malicious files to the server. This affects...

This SQL injection vulnerability in Sourcecodester Complaint Management System 1.0 allows attackers to execute arbitrary SQL commands via the cid para...

CVE-2021-37371 is an unauthenticated SQL injection vulnerability in the Online Student Admission System 1.0 admin login page. Attackers can bypass aut...

CVE-2021-42258 is a critical SQL injection vulnerability in BQE BillQuick Web Suite that allows unauthenticated attackers to execute arbitrary SQL com...

Chichen Tech CMS v1.0 contains SQL injection vulnerabilities in product_list.php via id and cid parameters. Attackers can execute arbitrary SQL comman...

This CVE describes a critical SQL injection vulnerability in the Simple Payroll System with Dynamic Tax Bracket PHP application that allows attackers ...

CVE-2021-42325 is a SQL injection vulnerability in Froxlor's database management component that allows attackers to execute arbitrary SQL commands via...

This SQL injection vulnerability in openSIS Classic 8.0 allows attackers to execute arbitrary SQL commands through specific parameters in HoldAddressF...

This vulnerability allows attackers to execute arbitrary SQL commands on Opensis-Classic Version 8.0 by injecting malicious input into the 'usrid' and...

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in the ChinaCityController component via the pid parameter. This allows attackers to execu...

This SQL injection vulnerability in IBM Sterling B2B Integrator allows remote attackers to execute arbitrary SQL commands against the backend database...

CVE-2021-29903 is a SQL injection vulnerability in IBM Sterling B2B Integrator Standard Edition that allows remote attackers to execute arbitrary SQL ...

This CVE describes an SQL injection vulnerability in the Lodging Reservation Management System V1 login functionality. Attackers can bypass authentica...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands via the email parameter in Hotel and Lodge Management System 2.0...

CVE-2021-41649 is an unauthenticated SQL injection vulnerability in PuneethReddyHC's online-shopping-system-advanced through the /homeaction.php cat_i...

FlameCMS 3.3.5 contains a SQL injection vulnerability in the /master/article.php endpoint via the 'Id' parameter. This allows attackers to execute arb...

CVE-2021-41288 is a critical SQL injection vulnerability in Zoho ManageEngine OpManager's getReportData API. Attackers can execute arbitrary SQL comma...

This CVE describes a SQL injection vulnerability in ThinkPHP v3.2.3 and earlier versions. Attackers can exploit improper input validation in the 'wher...

This SQL injection vulnerability in Sureline SUREedge Migrator allows attackers to execute arbitrary SQL commands on the database. It affects organiza...

This CVE describes a SQL injection vulnerability in the Podlove Podcast Publisher WordPress plugin's 'Social & Donations' module. Attackers can exploi...

This SQL injection vulnerability in Wuzhi CMS v4.1.0 allows attackers to execute arbitrary SQL commands via the KeyValue parameter in the order admini...

The Support Board WordPress plugin before version 3.3.4 contains multiple SQL injection vulnerabilities in POST parameters that are not properly escap...

This SQL injection vulnerability in Wuzhi CMS 4.1.0 allows attackers to execute arbitrary SQL commands through the keywords parameter in the admin int...

MetInfo 7.0.0 contains a SQL injection vulnerability in the admin logs deletion function that allows attackers to execute arbitrary SQL commands. This...

CVE-2020-21121 is a critical SQL injection vulnerability in Pligg CMS that allows attackers to execute arbitrary SQL commands through the admin_update...

This CVE describes a SQL injection vulnerability in PHPGurukul Apartment Visitors Management System v1.0 that allows attackers to execute arbitrary SQ...

CVE-2021-38727 is a SQL injection vulnerability in FUEL CMS that allows attackers to execute arbitrary SQL commands via the 'col' parameter in the log...

This SQL injection vulnerability in the Customer Photo Gallery addon for PrestaShop allows attackers to execute arbitrary SQL commands through the vul...

BlueCMS v1.6 contains a SQL injection vulnerability in the /ad_js.php endpoint that allows attackers to execute arbitrary SQL commands. This affects a...

This vulnerability allows attackers to execute arbitrary SQL commands via the username parameter in the login system of Simple Water Refilling Station...

This SQL injection vulnerability in openSIS 8.0 allows attackers to execute arbitrary SQL commands through the username parameter in index.php when us...

This SQL injection vulnerability in openSIS 8.0 allows attackers to execute arbitrary SQL commands on the MySQL/MariaDB database through the password_...

This is a critical SQL injection vulnerability in openSIS version 8.0 when using MySQL or MariaDB databases. Attackers can inject malicious SQL comman...

This SQL injection vulnerability in Form Tools allows low-privileged client users to execute arbitrary SQL commands via the export_group_id parameter....

A blind SQL injection vulnerability in Delta Electronics DIAEnergie allows remote unauthenticated attackers to execute arbitrary SQL commands. This ca...

A blind SQL injection vulnerability in Delta Electronics DIAEnergie allows remote, unauthenticated attackers to execute arbitrary SQL commands. This c...

A blind SQL injection vulnerability in Delta Electronics DIAEnergie allows remote, unauthenticated attackers to execute arbitrary SQL commands. This c...

CVE-2021-37749 is a blind SQL injection vulnerability in Hexagon GeoMedia WebMap 2020 that allows attackers to execute arbitrary SQL commands via the ...

CVE-2020-18106 is a critical SQL injection vulnerability in WMS v1.0 where the 'id' GET parameter is not properly filtered. This allows attackers to e...

Nuishop v2.3 contains a SQL injection vulnerability in the /goods/getGoodsListByConditions/ endpoint that allows attackers to execute arbitrary SQL co...

This vulnerability allows attackers to execute arbitrary SQL commands through the message submission functionality in thinkphp-zcms. It affects all sy...

This SQL injection vulnerability in the Edit Comments WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects ...

This vulnerability allows SQL injection in MISP (Malware Information Sharing Platform) through the Log.php component. Attackers can execute arbitrary ...

This is a critical SQL injection vulnerability in SEACMS v210530 that allows remote attackers to execute arbitrary SQL commands via the admin_ajax.php...