CWE-89: SQL Injection

A SQL injection vulnerability in WeGIA's personalizacao_upload.php endpoint allows authenticated attackers to execute arbitrary SQL queries. This can ...

A SQL injection vulnerability in WeGIA's historico_paciente.php endpoint allows attackers to execute arbitrary SQL queries. This could lead to unautho...

A SQL injection vulnerability in WeGIA's restaurar_produto_desocultar.php endpoint allows authenticated attackers to execute arbitrary SQL queries. Th...

CVE-2025-26612 is a critical SQL injection vulnerability in WeGIA's adicionar_almoxarife.php endpoint that allows attackers to execute arbitrary SQL q...

A SQL injection vulnerability in WeGIA's informacao_adicional.php endpoint allows attackers to execute arbitrary SQL queries. This could lead to unaut...

A SQL injection vulnerability in WeGIA's dependente_docdependente.php endpoint allows attackers to execute arbitrary SQL queries. This could lead to u...

A critical SQL injection vulnerability in ChurchCRM versions 5.13.0 and earlier allows attackers to execute arbitrary database queries through the Edi...

A SQL injection vulnerability in PHPGurukul Land Record System v1.0 allows remote attackers to execute arbitrary SQL commands via the editid parameter...

CVE-2025-25349 is a critical SQL injection vulnerability in PHPGurukul Daily Expense Tracker System v1.1 that allows attackers to execute arbitrary SQ...

A critical SQL injection vulnerability in Emoncms allows attackers to execute arbitrary SQL commands through the /feed/insert.json endpoint. This affe...

An SQL injection vulnerability in PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries through the column parameter i...

This SQL injection vulnerability in Responsive E-Learning System 1.0 allows remote attackers to execute arbitrary SQL commands through the 'id' parame...

This SQL injection vulnerability in WeGIA's get_detalhes_socio.php endpoint allows authenticated attackers to execute arbitrary SQL queries. Attackers...

CVE-2025-24905 is a critical SQL injection vulnerability in WeGIA's get_codigobarras_cobranca.php endpoint that allows authenticated attackers to exec...

Moss v0.1.3 contains an SQL injection vulnerability in the order parameter that allows attackers to execute arbitrary SQL commands. This affects all s...

An unauthenticated SQL injection vulnerability in ZZCMS front-end allows attackers to execute arbitrary SQL commands against the database. This affect...

SQL injection vulnerability in TeamCal Neo version 3.8.2 allows attackers to execute arbitrary SQL commands via the 'abs' parameter. This could lead t...

This SQL injection vulnerability in Online Food Ordering System v1.0 allows attackers to bypass authentication by injecting malicious SQL queries thro...

A critical SQL injection vulnerability in Synnefo Internet Management Software (IMS) allows attackers to execute arbitrary SQL commands via a specific...

This SQL injection vulnerability in pearProjectApi allows attackers to execute arbitrary SQL commands through the projectCode parameter. Any system ru...

CVE-2025-23218 is a critical SQL injection vulnerability in WeGIA's adicionar_especie.php endpoint that allows attackers to execute arbitrary SQL comm...

CVE-2025-23220 is a critical SQL injection vulnerability in WeGIA's adicionar_raca.php endpoint that allows attackers to execute arbitrary SQL command...

CVE-2025-0585 is a critical SQL injection vulnerability in a+HRD software from aEnrich Technology that allows unauthenticated remote attackers to exec...

CVE-2024-57035 is a critical SQL injection vulnerability in WeGIA v3.2.0 that allows attackers to execute arbitrary SQL commands via the nextPage para...

CVE-2024-57034 is a critical SQL injection vulnerability in WeGIA versions before 3.2.0 that allows attackers to execute arbitrary SQL commands throug...

WeGIA versions below 3.2.0 contain a SQL injection vulnerability in the /funcionario/remuneracao.php endpoint via the id_funcionario parameter. This a...

This SQL injection vulnerability in JFinalOA allows attackers to execute arbitrary SQL commands through the validRoleKey parameter. It affects all sys...

CVE-2025-0455 is a critical SQL injection vulnerability in NetVision Information's airPASS product that allows unauthenticated remote attackers to exe...

This SQL injection vulnerability in the WordPress Auction Plugin allows authenticated users with editor privileges or higher to execute arbitrary SQL ...

This CVE describes a blind SQL injection vulnerability in the Tasklists plugin for GLPI. Attackers can exploit this to execute arbitrary SQL commands ...

CVE-2024-47926 is a critical SQL injection vulnerability in Tecnick TCExam that allows attackers to execute arbitrary SQL commands. This affects all T...

A critical SQL injection vulnerability in Smart Agent v1.1.0 allows remote attackers to execute arbitrary SQL commands via the 'id' parameter in the /...

SmartAgent v1.1.0 contains a SQL injection vulnerability in the /tests/interface.php endpoint via the id parameter. This allows attackers to execute a...

This SQL injection vulnerability in CodeAstro Complaint Management System v1.0 allows remote attackers to execute arbitrary SQL commands via the id pa...

This critical vulnerability allows unauthenticated attackers to execute SQL injection attacks against Sophos Firewall's email protection feature. Succ...

This SQL injection vulnerability in Mobil365 Informatics Saha365 App allows attackers to execute arbitrary SQL commands by injecting malicious input. ...

This SQL injection vulnerability in RTI Connext Professional's Queuing Service allows attackers to execute arbitrary SQL commands by injecting malicio...

This CVE describes an N1QL injection vulnerability in PlexTrac that allows attackers to execute arbitrary N1QL commands against the underlying databas...

A SQL injection vulnerability in the PHPGurukul Pre-School Enrollment System allows remote attackers to execute arbitrary SQL commands via the mobilen...

A SQL injection vulnerability in the phpgurukul Online Nurse Hiring System v1.0 allows remote attackers to execute arbitrary SQL commands via the user...

This SQL injection vulnerability in phpgurukul Online Nurse Hiring System v1.0 allows attackers to execute arbitrary SQL commands through the mobileno...

This vulnerability allows attackers to execute arbitrary SQL commands through the emailcont parameter in login.php. It affects all users of Phpgurukul...

CVE-2024-55586 is an SQL injection vulnerability in Nette Database that occurs when untrusted filter data is passed directly to the where() method. Th...

A SQL injection vulnerability in kashipara E-learning Management System v1.0 allows remote attackers to execute arbitrary SQL commands via the departm...

A SQL injection vulnerability in kashipara E-learning Management System v1.0 allows remote attackers to execute arbitrary SQL commands via the id para...

A SQL injection vulnerability in kashipara E-learning Management System v1.0 allows remote attackers to execute arbitrary SQL commands via the id para...

Kashipara E-learning Management System v1.0 contains a SQL injection vulnerability in the delete_class.php admin endpoint. This allows attackers to ex...

A SQL injection vulnerability in kashipara E-learning Management System v1.0 allows remote attackers to execute arbitrary SQL commands via the teacher...

This SQL injection vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows attackers to execute arbitrary SQL co...

This SQL injection vulnerability in Apache Superset allows attackers to bypass SQL authorization by exploiting unvalidated PostgreSQL functions. Attac...