CWE-89: SQL Injection
The product constructs all or part of an SQL command using externally-influenced input, but does not neutralize special elements that could modify the intended SQL command.
All SQL Injection CVEs (4,468)
A critical SQL injection vulnerability in PHPGurukul Park Ticketing Management System v2.0 allows remote attackers to execute arbitrary SQL commands v...
Apr 30, 2025

A critical SQL injection vulnerability in Bookgy allows attackers to manipulate database operations through unvalidated HTTP parameters. Attackers can...
Apr 29, 2025

CVE-2025-25403 is a critical SQL injection vulnerability in Slims 9 Bulian library management system that allows attackers to execute arbitrary SQL co...
Apr 29, 2025

This vulnerability allows attackers to execute arbitrary SQL commands via the kodetiket parameter in the Bus Ticket Booking System. Attackers can pote...
Apr 25, 2025

This vulnerability allows remote unauthenticated attackers to perform blind SQL injection on XWiki instances, potentially executing arbitrary SQL stat...
Apr 23, 2025

A SQL injection vulnerability in Dietiqa App v1.0.20 allows attackers to execute arbitrary SQL commands via the 'u' parameter in the progress-body-wei...
Apr 17, 2025

This critical SQL injection vulnerability in TeleControl Server Basic allows unauthenticated remote attackers to bypass authorization, read/write to t...
Apr 16, 2025

An unauthenticated SQL injection vulnerability in TeleControl Server Basic allows remote attackers to bypass authentication, read/write to the databas...
Apr 16, 2025

This SQL injection vulnerability in Sourcecodester Online ID Generator System 1.0 allows attackers to execute arbitrary SQL commands via the template ...
Apr 16, 2025

A SQL injection vulnerability in dingfanzuCMS v1.0 allows attackers to execute arbitrary SQL commands via the 'id' parameter in operateOrder.php. This...
Apr 15, 2025

CVE-2024-22611 is a critical SQL injection vulnerability in OpenEMR that allows attackers to execute arbitrary SQL commands through pharmacy-related c...
Apr 3, 2025

CVE-2025-29369 is a critical SQL injection vulnerability in Code-Projects Matrimonial Site V1.0 that allows attackers to execute arbitrary SQL command...
Apr 3, 2025

This SQL injection vulnerability in OS4ED openSIS allows attackers to execute arbitrary SQL commands via the groupid parameter in the Group.php messag...
Apr 3, 2025

This CVE describes a critical SQL injection vulnerability in vipshop Saturn's console dashboard component. Remote attackers can execute arbitrary SQL ...
Apr 2, 2025

CVE-2025-3011 is a critical SQL injection vulnerability in SOOP-CLM from PiExtract that allows unauthenticated remote attackers to execute arbitrary S...
Mar 31, 2025

This is an unauthenticated SQL injection vulnerability in Epicor HCM's JsonFetcher.svc endpoint that allows attackers to execute arbitrary SQL command...
Mar 28, 2025

Emlog Pro versions 2.5.7 and 2.5.8 contain an SQL injection vulnerability in search_controller.php due to improper input sanitization. Attackers can b...
Mar 28, 2025

A SQL injection vulnerability in WeGIA web management software allows attackers to manipulate database queries through the nextPage parameter. This en...
Mar 27, 2025

A SQL injection vulnerability in WeGIA versions before 3.2.8 allows attackers to execute arbitrary SQL commands through the id_funcionario parameter i...
Mar 27, 2025

This vulnerability allows attackers to execute arbitrary SQL commands through SEMCMS_Fuction.php in SEMCMS versions up to 5.0. Attackers can potential...
Mar 27, 2025

This SQL injection vulnerability in Convivance StandVoice's authentication module allows remote attackers to execute arbitrary SQL commands via the GE...
Mar 25, 2025

The Pods WordPress plugin before version 3.2.8.2 contains a SQL injection vulnerability due to insufficient input sanitization. This allows authentica...
Mar 23, 2025

A critical SQL injection vulnerability in eTRAKiT.net release 3.2.1.77 allows remote unauthenticated attackers to execute arbitrary SQL commands as th...
Mar 20, 2025

This SQL injection vulnerability in the FinanceChatLlamaPack allows attackers to execute arbitrary SQL queries through the database_agent's run_sql_qu...
Mar 20, 2025

A critical SQL injection vulnerability in the duckdb_retriever component of run-llama/llama_index allows attackers to execute arbitrary SQL commands. ...
Mar 20, 2025

This SQL injection vulnerability in CM Informatics CM News allows attackers to execute arbitrary SQL commands through unvalidated user input. All user...
Mar 20, 2025

This SQL injection vulnerability in GLPI allows administrator users to execute arbitrary SQL commands through rules configuration forms. Attackers wit...
Mar 18, 2025

This SQL injection vulnerability in Vestel EVC04 Configuration Interface allows attackers to execute arbitrary SQL commands through the web interface....
Mar 18, 2025

A SQL injection vulnerability in Online Exam Mastering System v1.0 allows remote attackers to execute arbitrary SQL commands via the fid parameter. Th...
Mar 17, 2025

CVE-2025-26163 is a critical SQL injection vulnerability in CM Soluces Informatica Ltda Auto Atendimento software versions 1.x.x. Attackers can exploi...
Mar 14, 2025

CVE-2025-25763 is a SQL injection vulnerability in crmeb CRMEB-KY software that allows attackers to execute arbitrary SQL commands through the getRead...
Mar 6, 2025

This SQL injection vulnerability in Finder Fire Safety Finder ERP/CRM (Old System) allows attackers to execute arbitrary SQL commands through the appl...
Mar 6, 2025

This SQL injection vulnerability in Boceksoft Informatics E-Travel allows attackers to execute arbitrary SQL commands on the database. It affects all ...
Mar 5, 2025

This SQL injection vulnerability in Vasion Print (formerly PrinterLogic) allows attackers to execute arbitrary SQL commands on the database. It affect...
Mar 5, 2025

This SQL injection vulnerability in Vasion Print (formerly PrinterLogic) allows attackers to execute arbitrary SQL commands on the database. It affect...
Mar 5, 2025

A SQL injection vulnerability in mysiteforme allows attackers to execute arbitrary SQL commands on the database. This affects all mysiteforme installa...
Mar 4, 2025

This is an unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ that allows remote attackers to execute arbitrary SQL quer...
Mar 4, 2025

A SQL injection vulnerability in 101news version 1.0 allows attackers to execute arbitrary SQL commands through the 'category' and 'subcategory' param...
Mar 3, 2025

A critical SQL injection vulnerability exists in 101news CMS version 1.0 through the 'pagetitle' and 'pagedescription' parameters in admin/contactus.p...
Mar 3, 2025

CVE-2025-1875 is a critical SQL injection vulnerability in 101news version 1.0 that allows attackers to execute arbitrary SQL commands through the 'se...
Mar 3, 2025

A SQL injection vulnerability in 101news version 1.0 allows attackers to execute arbitrary SQL commands through the username parameter in admin/check_...
Mar 3, 2025

GFast versions 2 through 3.2 contain a SQL injection vulnerability in the OrderBy parameter at the /system/operLog/list endpoint. This allows attacker...
Feb 27, 2025

A SQL injection vulnerability in Ciges 2.15.5 allows attackers to manipulate database operations through the $idServicio parameter in the /modules/aja...
Feb 27, 2025

Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_paylog.php that allows attackers to execute arbitrary SQL commands. This aff...
Feb 25, 2025

SeaCMS versions up to 13.3 contain a SQL injection vulnerability in the admin_zyk.php file that allows attackers to execute arbitrary SQL commands. Th...
Feb 25, 2025

Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_type_news.php that allows attackers to execute arbitrary SQL commands. This ...
Feb 25, 2025

CVE-2025-27135 is a critical SQL injection vulnerability in RAGFlow's ExeSQL component that allows attackers to execute arbitrary SQL commands on the ...
Feb 25, 2025

This SQL injection vulnerability in SeaCMS allows remote attackers to execute arbitrary SQL commands through the DoTranExecSql parameter in phome.php....
Feb 24, 2025

This SQL injection vulnerability in NovaCHRON Smart Time Plus allows attackers to execute arbitrary SQL commands through the getCookieNames method. Or...
Feb 24, 2025

Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_members.php that allows attackers to execute arbitrary SQL commands. This af...
Feb 24, 2025

About SQL Injection (CWE-89)
Our database tracks 4,468 CVEs classified as CWE-89, with 1,913 rated critical and 1,904 rated high severity. The average CVSS score for SQL Injection vulnerabilities is 8.4.
External reference: CWE-89 on MITRE CWE