CWE-89: SQL Injection

CVE-2025-60307 is a critical SQL injection vulnerability in code-projects Computer Laboratory System 1.0 that allows authentication bypass via a unive...

This SQL injection vulnerability in the WordPress Community Events plugin allows authenticated attackers with Subscriber-level access or higher to inj...

This SQL injection vulnerability in the WordPress Community Events plugin allows authenticated attackers with Subscriber-level access or higher to inj...

This SQL injection vulnerability in PuneethReddyHC Online Shopping System Advanced 1.0 allows attackers to execute arbitrary SQL commands through the ...

This SQL injection vulnerability in Callvision Healthcare's Callvision Emergency Code software allows attackers to execute arbitrary SQL commands agai...

A critical SQL injection vulnerability in Uniclare Student Portal v2 allows remote attackers to execute arbitrary SQL commands through vulnerable inpu...

WeGIA versions 3.4.12 and below contain an SQL injection vulnerability in the /pet/profile_pet.php endpoint via the id_pet parameter. This allows atta...

CVE-2025-61603 is a critical SQL injection vulnerability in WeGIA web management software for charitable institutions. Attackers can execute arbitrary...

This SQL injection vulnerability in AndSoft's e-TMS v25.03 allows attackers to execute arbitrary SQL commands via the USRMAIL parameter in login forms...

A critical SQL injection vulnerability in AndSoft's e-TMS v25.03 allows attackers to manipulate database operations by exploiting the 'SessionID' cook...

This SQL injection vulnerability in Fayton Software's fayton.Pro ERP allows attackers to execute arbitrary SQL commands through the application. All u...

An authenticated attacker can exploit SQL injection in Chef Automate's compliance service to gain unauthorized access to restricted functionality. Thi...

Ericsson Indoor Connect 8855 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands on the database. This can...

A SQL injection vulnerability in PHPGurukul Park Ticketing Management System v2.0 allows remote attackers to execute arbitrary SQL commands via the fr...

MapServer versions before 8.4.1 contain a SQL injection vulnerability in the XML Filter Query directive PropertyName. Attackers can bypass expression ...

This SQL injection vulnerability in Yordam Library Automation System allows attackers to execute arbitrary SQL commands through the application. It af...

A critical SQL injection vulnerability in TDuckCloud v5.1 allows remote attackers to execute arbitrary SQL commands via the file upload module. This c...

This SQL injection vulnerability in Arma Store Armalife allows attackers to execute arbitrary SQL commands on the database. It affects all Armalife ve...

This SQL injection vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows attackers to execute arbitrary SQL commands on the database. ...

This SQL injection vulnerability in Online Fire Reporting System v1.2 allows attackers to manipulate the 'teamid' parameter in '/ofrs/admin/edit-team....

This SQL injection vulnerability in Online Fire Reporting System v1.2 allows attackers to manipulate database queries through the 'requestid' paramete...

This SQL injection vulnerability in Online Fire Reporting System v1.2 allows attackers to manipulate database queries through the 'mobilenumber', 'tea...

An SQL injection vulnerability in appRain CMF 4.0.5 allows attackers to manipulate database queries through the 'data[Admin][username]' parameter in t...

An SQL injection vulnerability in appRain CMF 4.0.5 allows attackers to manipulate database queries through the 'data[Page][name]' parameter. This ena...

CVE-2025-57140 is a critical SQL injection vulnerability in rsbi-pom 4.7 that allows attackers to execute arbitrary SQL commands through the /bi/servi...

A SQL injection vulnerability in SUNNET Corporate Training Management System allows remote attackers to execute arbitrary SQL commands. This could lea...

This SQL injection vulnerability in oa_system oasys v1.1 allows remote attackers to execute arbitrary SQL commands via the allDirector() method. Attac...

CVE-2025-57819 is a critical vulnerability in FreePBX that allows unauthenticated attackers to bypass authentication, gain administrator access, manip...

This is a critical SQL injection vulnerability in the St. Joe ERP system that allows unauthenticated remote attackers to execute arbitrary SQL command...

CVE-2025-50972 is a critical SQL injection vulnerability in AbanteCart e-commerce software that allows unauthenticated attackers to execute arbitrary ...

CVE-2025-55575 is a critical SQL injection vulnerability in SMM Panel 3.1 that allows remote attackers to execute arbitrary SQL commands via crafted H...

CVE-2025-56212 is a critical SQL injection vulnerability in phpgurukul Hospital Management System 4.0 that allows attackers to execute arbitrary SQL c...

This SQL injection vulnerability in the LogIn-SignUp PHP project allows attackers to execute arbitrary SQL commands by manipulating login or registrat...

This SQL injection vulnerability in WeGIA allows attackers to execute arbitrary SQL commands through the id_fichamedica parameter in the /html/saude/a...

CVE-2025-55167 is a critical SQL injection vulnerability in WeGIA web management software that allows attackers to execute arbitrary SQL commands thro...

CVE-2024-32640 is a critical SQL injection vulnerability in MASA CMS that allows attackers to execute arbitrary SQL commands through the processAsyncO...

Hospital Management System v4 contains a SQL injection vulnerability in the patient_contact parameter of patientsearch.php. This allows attackers to e...

This SQL injection vulnerability in Hospital Management System v4 allows attackers to execute arbitrary SQL commands through the password2 parameter. ...

This SQL injection vulnerability in Hospital Management System v4 allows attackers to execute arbitrary SQL commands through the app_contact parameter...

A Boolean-based SQL injection vulnerability in Axelor 5.2.4 allows attackers to manipulate SQL queries via the _domain parameter. This enables data ex...

A SQL injection vulnerability in LimeSurvey v2.65.1+170522 allows attackers to manipulate database queries via the 'token' parameter in the '/index.ph...

This SQL injection vulnerability in Human Resource Management System version 1.0 allows attackers to manipulate database queries through the 'city' an...

This SQL injection vulnerability in Ncvav Virtual PBX Software allows attackers to execute arbitrary SQL commands through the application. All systems...

This CVE describes a critical SQL injection vulnerability in XWiki Platform that allows unauthenticated attackers to execute arbitrary SQL commands vi...

CVE-2025-54379 is a critical SQL injection vulnerability in LF Edge eKuiper's getLast API that allows unauthenticated remote attackers to execute arbi...

This SQL injection vulnerability in Moderec Tourtella allows attackers to execute arbitrary SQL commands through unvalidated user input. It affects al...

This SQL injection vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows attackers to execute arbitrary SQL commands on the database. It...

An SQL injection vulnerability in Sophos Firewall's legacy SMTP proxy allows remote attackers to execute arbitrary code on affected systems. This affe...

This SQL injection vulnerability in Digiwin's SFT software allows unauthenticated remote attackers to execute arbitrary SQL commands against the datab...

CVE-2025-7918 is a critical SQL injection vulnerability in WinMatrix3 Web package that allows unauthenticated remote attackers to execute arbitrary SQ...