CWE-89: SQL Injection

This CVE describes a SQL injection vulnerability in tp-shop e-commerce software that allows attackers to execute arbitrary SQL commands through the fB...

This vulnerability allows SQL injection in the dated_news extension for TYPO3, enabling attackers to execute arbitrary SQL commands on the database. I...

This vulnerability allows SQL injection in the Newsletter extension for TYPO3 CMS. Attackers can execute arbitrary SQL commands through the extension'...

CVE-2021-37350 is a critical SQL injection vulnerability in Nagios XI's Bulk Modifications Tool that allows attackers to execute arbitrary SQL command...

CVE-2021-28890 is a critical SQL injection vulnerability in J2eeFAST that allows remote attackers to execute arbitrary SQL commands via specific param...

This is a SQL injection vulnerability in Gxlcms v1.1 that allows attackers to execute arbitrary SQL commands via the $filename parameter in the dataac...

This vulnerability allows SQL injection attacks in Foxit Reader and PhantomPDF through crafted data appended to strings. Attackers can execute arbitra...

This vulnerability allows attackers to execute arbitrary SQL commands on WordPress sites using the Astra Pro Addon plugin. Both unauthenticated and au...

CVE-2021-38167 is a SQL injection vulnerability in Roxy-WI's check_login function that allows unauthenticated attackers to extract valid UUIDs and byp...

CVE-2021-38159 is a critical SQL injection vulnerability in Progress MOVEit Transfer that allows unauthenticated remote attackers to execute arbitrary...

This CVE describes a critical SQL injection vulnerability in SonicWall Secure Remote Access (SRA) appliances. Attackers can exploit this to execute ar...

This is a critical SQL injection vulnerability in Centreon's MediaWiki integration that allows remote unauthenticated attackers to execute arbitrary S...

CVE-2021-37832 is a critical SQL injection vulnerability in Hotel Druid 3.0.2 when using SQLite database. Attackers can execute arbitrary SQL commands...

CVE-2021-36624 is a critical SQL injection vulnerability in Phone Shop Sales Management System version 1.0 that allows attackers to bypass authenticat...

This SQL injection vulnerability in Basic Shopping Cart 1.0 allows remote attackers to bypass authentication and gain administrative privileges by man...

Online Pet Shop We App 1.0 contains a critical SQL injection vulnerability in the products.php page via the 'c' or 's' parameters. This allows attacke...

This is a critical SQL injection vulnerability in Whatsns 4.0 that allows attackers to execute arbitrary SQL commands via the ip parameter in the admi...

This CVE describes a SQL injection vulnerability in Metinfo CMS version 6.1.3 that allows attackers to execute arbitrary SQL commands via the dosafety...

CVE-2020-21806 is a critical SQL injection vulnerability in ECTouch v2 e-commerce software that allows attackers to execute arbitrary SQL commands thr...

CVE-2020-21809 is a critical SQL injection vulnerability in NukeViet CMS's Shops module that allows attackers to execute arbitrary SQL commands throug...

This SQL injection vulnerability in NavigateCMS allows attackers to execute arbitrary SQL queries through the 'products-order' parameter in product.ph...

This SQL injection vulnerability in NavigateCMS allows attackers to execute arbitrary SQL queries through the 'id' parameter in product.php. Attackers...

CVE-2021-37478 is a SQL injection vulnerability in NavigateCMS that allows attackers to execute arbitrary SQL queries through the 'block-order' parame...

CVE-2021-25205 is a critical SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 that allows remote attackers to execute arbitrary ...

CVE-2021-26223 is a critical SQL injection vulnerability in CASAP Automated Enrollment System v1.0 that allows remote attackers to execute arbitrary S...

This CVE describes a SQL injection vulnerability in the SourceCodester Sales and Inventory System v1.0 that allows remote attackers to execute arbitra...

This vulnerability allows attackers to execute arbitrary SQL commands through the id parameter in edituser.php in Water Billing System 1.0. This can l...

CVE-2021-26228 is a critical SQL injection vulnerability in CASAP Automated Enrollment System v1.0 that allows remote attackers to execute arbitrary S...

CVE-2021-26231 is a critical SQL injection vulnerability in Fantastic Blog CMS v1.0 that allows remote attackers to execute arbitrary SQL commands via...

CVE-2021-26765 is a critical SQL injection vulnerability in PHPGurukul Student Record System 4.0 that allows remote attackers to execute arbitrary SQL...

CVE-2020-35427 is a critical SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 that allows remote attackers to execute a...

This CVE describes a SQL injection vulnerability in Subrion CMS v4.2.1 that occurs in the search page when the website uses a PDO connection. Attacker...

CVE-2020-18144 is a critical SQL injection vulnerability in ECTouch v2 e-commerce software that allows attackers to execute arbitrary SQL commands via...

CVE-2021-33578 is a critical SQL injection vulnerability in Echo ShareCare 8.15.5 that allows both authenticated and unauthenticated attackers to exec...

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites using the WPDevArt Polls plugin. Attackers can...

CVE-2020-18544 is a critical SQL injection vulnerability in WMS v1.0 that allows remote attackers to execute arbitrary SQL commands via the username p...

CVE-2021-24385 is a critical SQL injection vulnerability in the FileBird WordPress plugin that allows unauthenticated attackers to execute arbitrary S...

This is a critical SQL injection vulnerability in Metinfo 7.0.0beta that allows attackers to execute arbitrary SQL commands through the index.php file...

This CVE describes SQL injection vulnerabilities in FortiMail email security appliances that allow unauthenticated attackers to execute arbitrary SQL ...

This vulnerability allows SQL injection in Django applications when untrusted user input is passed to QuerySet.order_by() methods. Attackers can execu...

NavigateCMS 2.9 contains a SQL injection vulnerability in the navigate.php file via the URL-encoded GET parameter 'category'. This allows attackers to...

This SQL injection vulnerability in Chamilo LMS allows attackers to execute arbitrary SQL commands via the searchField, filters, or filters2 parameter...

Online Pet Shop We App 1.0 contains SQL injection and shell upload vulnerabilities that allow attackers to execute arbitrary SQL commands and upload m...

This CVE describes a SQL injection vulnerability in gnuboard5's installation script that allows attackers to execute arbitrary SQL commands via the ta...

This CVE describes a critical SQL injection vulnerability in imcat v5.2 that allows attackers to execute arbitrary SQL commands through the fm[auser] ...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the Location Manager plugin before vers...

CVE-2021-3604 is a critical SQL injection vulnerability in Primion Digitek Secure 8 (Evalos) that allows remote attackers to extract sensitive user an...

This vulnerability allows attackers to execute arbitrary SQL commands through the genre parameter in phpCMS 2008 sp4's yp/job.php file. This affects a...

This vulnerability allows attackers to execute arbitrary SQL commands through the id parameter in ECShop 3.0's admin/shophelp.php file. This affects a...

This vulnerability allows attackers to execute arbitrary SQL commands via the x parameter in plus/ajax_street.php in 74cms version 3.2.0. It affects a...