Weaknesses of type CWE-89

11,540 results
CVE-2024-9379 [MEDIUM] SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to ru (EPSS 43.6%, KEV)
CVE-2024-32848 [CRITICAL] An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin p (EPSS 43.4%)
CVE-2024-34783 [CRITICAL] An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin p (EPSS 43.4%)
CVE-2020-12271 [CRITICAL] A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild (EPSS 43.1%, KEV)
CVE-2023-2114 [HIGH] NEX-Forms < 8.4 - Admin+ SQL Injection (EPSS 43.0%)
CVE-2021-44026 [CRITICAL] Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. (EPSS 42.9%, KEV)
CVE-2022-0773 Documentor <= 1.5.3 - Unauthenticated SQLi (EPSS 42.8%)
CVE-2023-28662 [CRITICAL] The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerabilit (EPSS 42.2%)
CVE-2024-45387 [CRITICAL] Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments (EPSS 41.8%)
CVE-2023-0562 [HIGH] PHPGurukul Bank Locker Management System Login index.php sql injection (EPSS 41.2%)
CVE-2024-38289 [CRITICAL] A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated (EPSS 40.9%)
CVE-2024-5723 [HIGH] Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability (EPSS 40.7%)
CVE-2023-1730 [CRITICAL] SupportCandy < 3.1.5 - Unauthenticated SQLi (EPSS 40.6%)
CVE-2024-46906 [HIGH] WhatsUp Gold GetSqlWhereClause SQL Injection Privilege Escalation Vulnerability (EPSS 40.6%)
CVE-2024-50330 [CRITICAL] SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthent (EPSS 40.5%)
CVE-2024-1601 [HIGH] SQL Injection in parisneo/lollms-webui (EPSS 40.4%)
CVE-2021-20016 [CRITICAL] A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access (EPSS 40.0%, KEV)
CVE-2025-61675 [HIGH] FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters (EPSS 39.0%)
CVE-2024-54146 [HIGH] Cacti has a SQL Injection vulnerability when view host template (EPSS 38.6%)
CVE-2021-24750 WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection (EPSS 38.3%)