CWE-89: SQL Injection

A critical SQL injection vulnerability in QNAP SMB Service allows remote attackers to execute arbitrary SQL commands. This affects QNAP NAS devices ru...

A SQL injection vulnerability in QuRouter allows remote attackers to execute arbitrary SQL commands. This affects all QuRouter systems running vulnera...

This is a critical SQL injection vulnerability in Siemens Healthineers syngo.plaza VB30E medical imaging software. Attackers with application access c...

This vulnerability allows SQL injection attacks in Django applications when using the django.db.models.fields.json.HasKey lookup directly with untrust...

CVE-2024-41579 is a critical SQL injection vulnerability in DTStack Taier 1.4.0 that allows remote attackers to execute arbitrary SQL commands via the...

ZZCMS 2023 contains a SQL injection vulnerability in the /q/show.php endpoint that allows attackers to execute arbitrary SQL commands. This affects al...

A SQL injection vulnerability in Siyuan 3.1.11 allows attackers to execute arbitrary SQL commands via the notebook parameter in the /searchHistory end...

A SQL injection vulnerability in Siyuan 3.1.11 allows attackers to execute arbitrary SQL commands via the ids array parameter in the /batchGetBlockAtt...

This SQL injection vulnerability in qiwen-file v1.4.0 allows attackers to execute arbitrary SQL commands through the NoticeMapper.xml component. This ...

This NoSQL injection vulnerability in Adapt Learning Authoring Tool allows unauthenticated attackers to reset any user's password, including administr...

CVE-2024-53438 is a critical SQL injection vulnerability in ChurchCRM 5.7.0 that allows attackers to execute arbitrary SQL commands by manipulating th...

CVE-2024-52675 is a critical SQL injection vulnerability in SourceCodester Sentiment Based Movie Rating System 1.0 that allows attackers to execute ar...

NUS-M9 ERP Management Software v3.0.0 contains a SQL injection vulnerability in the login endpoint that allows attackers to execute arbitrary SQL comm...

KASO v9.0 contains a SQL injection vulnerability in the person_id parameter at /cardcase/editcard.jsp that allows attackers to execute arbitrary SQL c...

This SQL injection vulnerability in the KASHIPARA E-learning Management System login page allows attackers to execute arbitrary SQL commands through u...

This critical SQL injection vulnerability in Ivanti Endpoint Manager allows remote unauthenticated attackers to execute arbitrary SQL commands, potent...

PowerJob versions 3.20 and above contain a SQL injection vulnerability in the version parameter that allows attackers to execute arbitrary SQL command...

This SQL injection vulnerability in PHPGurukul Online Marriage Registration System v1.0 allows unauthenticated attackers to execute arbitrary SQL comm...

CVE-2024-11020 is a critical SQL injection vulnerability in Webopac software from Grand Vice info that allows unauthenticated attackers to execute arb...

CVE-2024-11016 is a critical SQL injection vulnerability in Webopac from Grand Vice info that allows unauthenticated attackers to execute arbitrary SQ...

This SQL injection vulnerability in OS4ED openSIS-Classic allows attackers to execute arbitrary SQL commands by manipulating the $username_stn_id para...

This vulnerability allows attackers to execute arbitrary SQL commands through the id parameter in takeSurvey.php. It affects all deployments of Source...

This SQL injection vulnerability in ProjectWorld's Travel Management System v1.0 allows attackers to bypass authentication by injecting malicious SQL ...

This SQL injection vulnerability in lunary-ai/lunary v1.4.2 allows attackers to execute arbitrary SQL commands through the `/api/v1/external-users` en...

This SQL injection vulnerability in Phpgurukul Teachers Record Management System v2.1 allows attackers to execute arbitrary SQL commands via the tid p...

A NoSQL injection vulnerability in AquilaCMS allows unauthenticated attackers to reset any user or administrator account passwords via the password re...

This vulnerability allows SQL injection through prompt injection in langchain-ai/langchain's GraphCypherQAChain class. Attackers can manipulate databa...

A prompt injection vulnerability in langchain-ai/langchainjs GraphCypherQAChain class allows attackers to inject SQL commands through manipulated prom...

LyLme Spage versions up to 1.6.0 contain a SQL injection vulnerability in the /admin/group.php endpoint. This allows attackers to execute arbitrary SQ...

LyLme Spage versions 1.2.0 through 1.6.0 contain a SQL injection vulnerability in the /admin/apply.php endpoint. This allows attackers to execute arbi...

The eHDR CTMS from Sunnet contains a SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL commands. This ...

This SQL injection vulnerability in the Best Courier Management System v1.0 allows remote attackers to execute arbitrary SQL commands via the email pa...

This SQL injection vulnerability in Online Complaint Site v1.0 allows remote attackers to execute arbitrary SQL commands via the username and password...

Learning with Texts (LWT) 2.0.3 contains a SQL injection vulnerability that allows attackers to manipulate database queries through URL parameters. Th...

This SQL injection vulnerability in the Kento Post View Counter WordPress plugin allows unauthenticated attackers to execute arbitrary SQL queries thr...

CVE-2024-48411 is a critical SQL injection vulnerability in itsourcecode Online Tours and Travels Management System v1.0 that allows attackers to exec...

This vulnerability allows attackers to execute arbitrary SQL commands through the searchkey parameter in the admin search functionality of Phpgurukul ...

A critical SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0 allows remote attackers to execute arbitrary SQL commands via the ...

CVE-2024-9982 is a critical SQL injection vulnerability in the AIM LINE Marketing Platform from Esi Technology. Unauthenticated attackers can execute ...

ChanGate Property Management System contains an unauthenticated SQL injection vulnerability (CWE-89) that allows remote attackers to execute arbitrary...

Jepaas v7.2.8 contains a SQL injection vulnerability in the orderSQL parameter at /homePortal/loadUserMsg endpoint. This allows attackers to execute a...

CVE-2024-48251 is an unauthenticated SQL injection vulnerability in Wavelog 1.8.5 that allows attackers to execute arbitrary SQL commands through the ...

Cloudlog 2.6.15 contains an unauthenticated SQL injection vulnerability in the Oqrs.php delete_oqrs_line function. This allows attackers to execute ar...

CVE-2024-7099 is a critical SQL injection vulnerability in netease-youdao/qanything version 1.4.1 that allows attackers to execute arbitrary SQL queri...

CVE-2024-46532 is a critical SQL injection vulnerability in OpenHIS v1.0 that allows attackers to execute arbitrary SQL commands through the refund fu...

The WP-Advanced-Search WordPress plugin before version 3.3.9.2 contains an SQL injection vulnerability in the 't' parameter that is not properly sanit...

CVE-2024-43468 is a critical SQL injection vulnerability in Microsoft Configuration Manager that allows remote attackers to execute arbitrary code on ...

This SQL injection vulnerability in Fujian Kelixin Communication Command and Dispatch Platform allows attackers to execute arbitrary SQL commands via ...

This SQL injection vulnerability in the LatePoint WordPress plugin allows unauthenticated attackers to change user passwords. It affects versions up t...

This SQL injection vulnerability in SOPlanning versions before 1.45 allows remote attackers to execute arbitrary SQL queries through the 'by' paramete...