CWE-89: SQL Injection
The product constructs all or part of an SQL command using externally-influenced input, but does not neutralize special elements that could modify the intended SQL command.
Yearly Trend (chart); Top Affected Vendors (chart)
All SQL Injection CVEs (4,461)
Jul 21, 2025: CVE-2025-7918 is a critical SQL injection vulnerability in WinMatrix3 Web package that allows unauthenticated remote attackers to execute arbitrary SQ...
Jul 18, 2025: This SQL injection vulnerability in the Articles Good Search extension for Joomla allows attackers to execute arbitrary SQL commands on affected syste...
Jul 17, 2025: CVE-2025-50240 is a critical SQL injection vulnerability in nbcio-boot v1.0.3 that allows attackers to execute arbitrary SQL commands via the userIds ...
Jul 17, 2025: This SQL injection vulnerability in Fortinet FortiWeb web application firewalls allows unauthenticated attackers to execute arbitrary SQL commands via...
Jul 16, 2025: A SQL injection vulnerability in WeGIA's /controle/control.php endpoint allows attackers to execute arbitrary SQL commands via the cargo parameter. Th...
Jul 14, 2025: This SQL injection vulnerability in MeterSphere allows attackers to execute arbitrary SQL commands through the sortField parameter in API endpoints. T...
Jul 8, 2025: A critical SQL injection vulnerability in Quiter Gateway versions before 4.7.0 allows attackers to manipulate database operations through the campo pa...
Jul 8, 2025: A SQL injection vulnerability in Quiter Gateway allows attackers to manipulate database operations through the 'campo mensaje' parameter in the /QISCl...
Jul 8, 2025: A critical SQL injection vulnerability in Quiter Gateway versions before 4.7.0 allows attackers to manipulate database queries through the pagina.filt...
Jul 8, 2025: A critical SQL injection vulnerability in Quiter Gateway allows attackers to manipulate database operations through the id_concesion parameter. This a...
Jul 7, 2025: A time-based blind SQL injection vulnerability exists in the WeGIA web manager for charitable institutions. Attackers can inject arbitrary SQL queries...
Jul 4, 2025: This SQL injection vulnerability in ClickandPledge Click & Pledge Connect WordPress plugin allows attackers to execute arbitrary SQL commands, potenti...
Jun 30, 2025: A critical SQL injection vulnerability in Daily Expense Manager v1.0 allows attackers to manipulate database operations through unvalidated parameters...
Jun 27, 2025: This SQL injection vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB allows attackers to execute arbitrary SQL commands on th...
Jun 27, 2025: This SQL injection vulnerability in Mavi Yeşil Software Guest Tracking Software allows attackers to execute arbitrary SQL commands through unvalidate...
Jun 27, 2025: This SQL injection vulnerability in Case Informatics Case ERP allows attackers to execute arbitrary SQL commands through the application. All organiza...
Jun 26, 2025: CVE-2015-0842 is a SQL injection vulnerability in yubiserver versions before 0.6 that allows attackers to manipulate database queries. This can lead t...
Jun 24, 2025: This SQL injection vulnerability in OS4Ed OpenSIS allows attackers to execute arbitrary SQL commands through manipulated student_id and TRANSFER{SCHOO...
Jun 20, 2025: This SQL injection vulnerability in CloudClassroom-PHP v1.0 allows attackers to execute arbitrary SQL commands through the unsanitized squeryx paramet...
Jun 19, 2025: This SQL injection vulnerability in Yirmibes Software MY ERP allows attackers to execute arbitrary SQL commands through unvalidated user input. It aff...
Jun 16, 2025: CVE-2025-6169 is a critical SQL injection vulnerability in HAMASTAR Technology's WIMP website co-construction management platform that allows unauthen...
Jun 12, 2025: This vulnerability allows authenticated XWiki users to execute arbitrary SQL queries on Oracle databases through unsanitized DBMS_XMLGEN and DBMS_XMLQ...
Jun 10, 2025: A critical SQL injection vulnerability in DM Corporative CMS allows attackers to manipulate database queries through the 'cod' parameter in /administe...
Jun 10, 2025: A critical SQL injection vulnerability in DM Corporative CMS allows attackers to manipulate database queries through the name and cod parameters in /a...
Jun 5, 2025: SQL injection vulnerabilities in multiple vector store integrations of run-llama/llama_index v0.12.21 allow attackers to execute arbitrary SQL command...
Jun 4, 2025: This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the File Provider plugin. Attackers can...
Jun 2, 2025: An SQL injection vulnerability in DuckDBVectorStore's delete function allows attackers to manipulate the ref_doc_id parameter to execute arbitrary SQL...
May 30, 2025: CVE-2025-48949 is a critical SQL injection vulnerability in Navidrome music server affecting versions 0.55.0 through 0.55.2. Attackers can exploit imp...
May 26, 2025: CVE-2025-40666 is a critical SQL injection vulnerability in TCMAN's GIM v11 that allows attackers to manipulate databases through the ArbolID paramete...
May 22, 2025: Unauthenticated SQL injection vulnerability in Infoblox NETMRI allows attackers to execute arbitrary SQL commands without authentication. This affects...
May 15, 2025: CVE-2024-6809 is a critical SQL injection vulnerability in the Simple Video Directory WordPress plugin that allows unauthenticated attackers to execut...
May 15, 2025: This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the Push Notification for Post and Budd...
May 15, 2025: An error-based SQL injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands by injecting malicious payloads into t...
May 13, 2025: CVE-2025-28056 is a critical SQL injection vulnerability in rebuild's admin-cli/exec component that allows attackers to execute arbitrary SQL commands...
May 13, 2025: EngineerCMS versions 1.02 through 2.0.5 contain a SQL injection vulnerability in the /project/addproject interface. This allows attackers to execute a...
May 13, 2025: Billing Software v1.0 contains unauthenticated SQL injection vulnerabilities in the loginCheck.php file, allowing attackers to execute arbitrary SQL c...
May 12, 2025: CVE-2025-4559 is a critical SQL injection vulnerability in Netvision ISOinsight software that allows unauthenticated remote attackers to execute arbit...
May 9, 2025: This SQL injection vulnerability in SourceCodester Client Database Management System 1.0 allows attackers to execute arbitrary SQL commands through th...
May 9, 2025: This vulnerability allows attackers to execute arbitrary SQL commands through the order_id parameter in user_payment_update.php. It affects SourceCode...
May 9, 2025: This vulnerability allows attackers to execute arbitrary SQL commands through the order_id parameter in the user_order_customer_update.php file of Sou...
May 7, 2025: An unauthenticated SQL injection vulnerability in WeGIA versions up to 3.3.0 allows attackers to execute arbitrary SQL commands via the /html/socio/si...
May 7, 2025: This CVE describes a stored cross-site scripting (XSS) vulnerability in BOINC Server that allows attackers to inject malicious scripts into web pages....
May 6, 2025: SeaCMS v13.3 contains a SQL injection vulnerability in the admin_comment_news.php component that allows attackers to execute arbitrary SQL commands. T...
May 6, 2025: An unauthenticated SQL injection vulnerability in TCMAN's GIM v11 allows attackers to execute arbitrary SQL commands through the 'User' and 'email' pa...
May 6, 2025: This is a critical SQL injection vulnerability in TCMAN's GIM v11 software that allows unauthenticated attackers to execute arbitrary SQL commands thr...
May 6, 2025: This is a critical SQL injection vulnerability in TCMAN's GIM v11 software that allows unauthenticated attackers to execute arbitrary SQL commands thr...
May 5, 2025: SeaCMS v13.3 contains a SQL injection vulnerability in the admin_topic.php component that allows attackers to execute arbitrary SQL commands. This aff...
May 2, 2025: This CVE describes a blind SQL injection vulnerability in Mydata Informatics Ticket Sales Automation software, allowing attackers to execute arbitrary...
May 2, 2025: CVE-2025-3708 is a critical SQL injection vulnerability in Le-show medical practice management system that allows unauthenticated remote attackers to ...
Apr 30, 2025: CVE-2025-44192 is a critical SQL injection vulnerability in Simple Barangay Management System v1.0 that allows attackers to execute arbitrary SQL comm...
About SQL Injection (CWE-89)
Our database tracks 4,461 CVEs classified as CWE-89, with 1,908 rated critical and 1,902 rated high severity. The average CVSS score for SQL Injection vulnerabilities is 8.4.
External reference: CWE-89 on MITRE CWE