CWE-89: SQL Injection

CVE-2020-22210 is a critical SQL injection vulnerability in 74cms version 3.2.0 that allows attackers to execute arbitrary SQL commands via the x para...

This is a critical SQL injection vulnerability in 74cms version 3.2.0 that allows attackers to execute arbitrary SQL commands via the 'id' parameter i...

This CVE describes a SQL injection vulnerability in phpCMS 2007 that allows attackers to execute arbitrary SQL commands through the digg_mod parameter...

This CVE describes a SQL injection vulnerability in DedeCMS 5.7 that allows attackers to execute arbitrary SQL commands via the mdescription parameter...

CVE-2020-35441 is a critical SQL injection vulnerability in FDCMS (Fangfa Content Management System) 4.0 that allows attackers to execute arbitrary SQ...

This vulnerability allows SQL injection attacks in the Bello WordPress theme before version 1.6.0. Attackers can exploit unsanitized parameters to exe...

COVID19 Testing Management System 1.0 contains a SQL injection vulnerability in the admin panel that allows attackers to execute arbitrary SQL command...

This SQL injection vulnerability in zzcms 2019 allows attackers to execute arbitrary SQL commands through the daohang or img POST parameters in user/z...

CVE-2020-25409 is a critical SQL injection vulnerability in Projectsworlds College Management System PHP 1.0 that allows attackers to execute arbitrar...

CVE-2021-20720 is a critical SQL injection vulnerability in KonaWiki2 that allows remote attackers to execute arbitrary SQL commands. This enables att...

This SQL injection vulnerability in CentOS Web Panel's unprivileged user portal allows attackers to execute arbitrary SQL commands via the 'idsession'...

This vulnerability allows authenticated administrators in Piwigo 11.4.0 to perform SQL injection attacks via the order[0][dir] parameter in admin/user...

An unauthenticated SQL injection vulnerability in Pandora FMS allows attackers to bypass authentication by manipulating session parameters. This affec...

CVE-2020-19108 is a critical SQL injection vulnerability in Online Book Store v1.0 that allows remote attackers to execute arbitrary SQL commands thro...

This CVE describes a SQL injection vulnerability in Online Book Store v1.0, allowing remote attackers to execute arbitrary SQL commands via the bookis...

This CVE describes a SQL injection vulnerability in Online Book Store v1.0 that allows remote attackers to execute arbitrary SQL commands via the publ...

This CVE describes a SQL injection vulnerability in Online Book Store v1.0 that allows attackers to execute arbitrary SQL commands through the isbn pa...

CVE-2020-22807 is a critical SQL injection vulnerability in vtiger CRM's calendar export feature that allows attackers to execute arbitrary SQL comman...

CVE-2020-18020 is a critical SQL injection vulnerability in PHPSHE Mall System v1.7 that allows remote attackers to execute arbitrary SQL commands via...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on OpenClinic GA systems through the componentStatus parameter i...

This vulnerability allows unauthenticated SQL injection attacks against OpenClinic GA's getAssets.jsp page via the nomenclature parameter. Attackers c...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on OpenClinic GA systems via the assetStatus parameter in getAss...

This SQL injection vulnerability in Django Debug Toolbar allows attackers to execute arbitrary SQL statements by manipulating the raw_sql input field ...

CVE-2021-27130 is a critical SQL injection vulnerability in Online Reviewer System 1.0 that allows authentication bypass and remote code execution. At...

This is an authenticated SQL injection vulnerability in OpenClinic GA's 'getAssets.jsp' page that allows attackers to execute arbitrary SQL commands t...

This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the supplierUID parameter in OpenClinic GA's getAssets.jsp...

ZEROF Web Server 1.0 (April 2021) contains a SQL injection vulnerability in the /HandleEvent endpoint used for login authentication. This allows attac...

This vulnerability allows remote attackers to execute arbitrary SQL commands via the admin.php file in Online Book Store 1.0, leading to authenticatio...

This SQL injection vulnerability in Nagios Network Analyzer allows attackers to execute arbitrary SQL commands via the o[col] parameter in the api/che...

This vulnerability allows SQL injection through the txtaccesscode parameter in LATRIX 0.6.0's inandout.php file, enabling attackers to extract databas...

CVE-2020-28172 is a critical SQL injection vulnerability in Simple College Website 1.0 that allows unauthenticated attackers to bypass admin authentic...

This vulnerability allows remote attackers to execute arbitrary SQL commands through the /admin/display_errors.php script in Invigo ADM. Attackers can...

CVE-2020-35337 is a SQL injection vulnerability in ThinkSAAS CMS that allows authenticated attackers to execute arbitrary SQL commands via the title p...

This vulnerability allows SQL injection through the IT-Recht Kanzlei plugin in Zen Cart's German edition. Attackers can execute arbitrary SQL commands...

This vulnerability allows attackers to execute arbitrary SQL commands on WordPress sites using the Photo Gallery plugin. It affects all WordPress inst...

This is a critical SQL injection vulnerability in the EIC e-document system's user data querying function. Attackers can execute arbitrary SQL command...

This vulnerability allows SQL injection in the vhs (VHS: Fluid ViewHelpers) extension for TYPO3 through the isLanguageViewHelper component. Attackers ...

This SQL injection vulnerability in zzzphp v1.8.0 allows attackers to execute arbitrary SQL commands through the /form/index.php?module=getjson endpoi...

This vulnerability allows SQL injection in FUEL CMS 1.4.8 through the 'fuel_replace_id' parameter. Attackers can execute arbitrary SQL commands, poten...

This SQL injection vulnerability in Kentico CMS allows attackers to execute arbitrary SQL commands via the tagname parameter in the Blog module. It af...

CVE-2021-27314 is a critical SQL injection vulnerability in Doctor Appointment System 1.0 that allows unauthenticated attackers to execute arbitrary S...

CVE-2020-24913 is a critical SQL injection vulnerability in QCubed PHP framework's profile.php file. Unauthenticated attackers can execute arbitrary S...

CVE-2020-28657 is a critical SQL injection vulnerability in bPanel 2.0 that allows unauthenticated attackers to execute arbitrary SQL commands through...

CVE-2021-26904 is a critical SQL injection vulnerability in LMA ISIDA Retriever 5.2 that allows attackers to execute arbitrary SQL commands on the dat...

Baby Care System v1.0 contains a SQL injection vulnerability in the 'id' parameter of contentsectionpage.php. This allows attackers to execute arbitra...

This SQL injection vulnerability in Mutare Voice (EVM) allows attackers to execute arbitrary SQL commands on the web application through multiple ASP ...

CVE-2021-26200 is an SQL injection vulnerability in Library System 1.0 that allows attackers to bypass authentication and gain admin privileges. This ...

CVE-2021-26822 is a critical SQL injection vulnerability in Teachers Record Management System 1.0 that allows remote unauthenticated attackers to exec...

This SQL injection vulnerability in LimeSurvey's participant model allows attackers to execute arbitrary SQL commands on the database. It affects all ...

CVE-2021-22658 is a SQL injection vulnerability in Advantech iView software that allows attackers to execute arbitrary SQL commands. Successful exploi...