Weaknesses of type CWE-89

11,773 results
CVE-2025-32848HIGHA vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injEPSS 0.6%CVE-2024-31678CRITICALSourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file.EPSS 0.6%CVE-2025-36588HIGHDell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL InjEPSS 0.6%CVE-2024-2478MEDIUMBradWenqiang HR Background Management register selectAll sql injectionEPSS 0.6%CVE-2022-25775MEDIUMSQL Injection in dynamic ReportsEPSS 0.6%CVE-2024-0558MEDIUMDedeBIZ makehtml_freelist_action.php sql injectionEPSS 0.6%CVE-2024-41237CRITICALA SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to executeEPSS 0.6%CVE-2025-50567CRITICALSaurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecaEPSS 0.6%CVE-2024-6735MEDIUMitsourcecode Tailoring Management System setgeneral.php sql injectionEPSS 0.6%CVE-2024-25845CRITICALIn the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injeEPSS 0.6%CVE-2018-25057MEDIUMsimple_php_link_shortener index.php sql injectionEPSS 0.6%CVE-2024-0729MEDIUMForU CMS cms_admin.php sql injectionEPSS 0.6%CVE-2024-0730MEDIUMProject Worlds Online Time Table Generator course_ajax.php sql injectionEPSS 0.6%CVE-2024-25526HIGHRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_incEPSS 0.6%CVE-2024-56047HIGHWordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ SQL Injection vulnerabilityEPSS 0.6%CVE-2025-44033CRITICALSQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaraEPSS 0.6%CVE-2024-51165HIGHSQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to suEPSS 0.6%CVE-2025-8499MEDIUMcode-projects Online Medicine Guide cusfindambulence2.php sql injectionEPSS 0.6%CVE-2024-50833LOWA SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password paEPSS 0.6%CVE-2022-2577MEDIUMSourceCodester Garage Management System edituser.php sql injectionEPSS 0.6%