Weaknesses of type CWE-89

11,767 results
CVE-2023-0533MEDIUMSourceCodester Online Tours & Travels Management System expense_report.php sql injectionEPSS 0.6%CVE-2024-7307MEDIUMSourceCodester Establishment Billing Management System manage_billing.php sql injectionEPSS 0.6%CVE-2024-6652MEDIUMitsourcecode Gym Management System manage_member.php sql injectionEPSS 0.6%CVE-2024-42533CRITICALSQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitraEPSS 0.6%CVE-2014-125084MEDIUMGimmie Plugin trigger_referral.php sql injectionEPSS 0.6%CVE-2022-43447HIGHDelta Electronics DIAEnergie SQL InjectionEPSS 0.6%CVE-2023-5336HIGHiPanorama 360 – WordPress Virtual Tour Builder <= 1.8.0 - Authenticated (Contributor+) SQL Injection via ShortcodeEPSS 0.6%CVE-2023-36361CRITICALAudimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.EPSS 0.6%CVE-2024-25518CRITICALRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_aEPSS 0.6%CVE-2024-7548HIGHLearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order ParameterEPSS 0.6%CVE-2024-25521CRITICALRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.EPSS 0.6%CVE-2024-33273CRITICALSQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function.EPSS 0.6%CVE-2022-39822HIGHIn NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GETEPSS 0.6%CVE-2024-6732MEDIUMSourceCodester Student Study Center Desk Management System Users.php sql injectionEPSS 0.6%CVE-2024-6731MEDIUMSourceCodester Student Study Center Desk Management System Master.php sql injectionEPSS 0.6%CVE-2024-25524CRITICALRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlaEPSS 0.6%CVE-2024-25511CRITICALRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.asEPSS 0.6%CVE-2023-7299MEDIUMDataGear resolveSql sql injectionEPSS 0.6%CVE-2022-42230HIGHSimple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=.EPSS 0.6%CVE-2024-8055HIGHLocal File Read (LFI) by Prompt Injection via SnowFlake SQL in vanna-ai/vannaEPSS 0.6%