Weaknesses of type CWE-89
11,540 results

CVE-2024-11728 | HIGH | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection | EPSS 13.3%
CVE-2024-27746 | CRITICAL | SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to th | EPSS 12.9%
CVE-2023-35036 | CRITICAL | In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL in | EPSS 12.8%
CVE-2021-22658 | — | Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Adm | EPSS 12.7%
CVE-2021-24915 | — | Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure | EPSS 12.7%
CVE-2024-31458 | MEDIUM | Cacti SQL Injection vulnerability in lib/html_form_templates.php by reading dirty data stored in database | EPSS 12.6%
CVE-2022-0781 | — | Nirweb support < 2.8.2 - Unauthenticated SQLi | EPSS 12.4%
CVE-2020-26248 | MEDIUM | Blind SQL injection during the CommentGrade process | EPSS 12.4%
CVE-2024-4257 | MEDIUM | BlueNet Technology Clinical Browsing System deleteStudy.php sql injection | EPSS 12.1%
CVE-2022-1768 | CRITICAL | RSVPMaker <= 9.3.2 - Unauthenticated SQL Injection | EPSS 12.0%
CVE-2020-5724 | — | The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauth | EPSS 11.9%
CVE-2024-8529 | CRITICAL | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' | EPSS 11.8%
CVE-2022-34324 | HIGH | Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add | EPSS 11.8%
CVE-2021-22654 | — | Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose infor | EPSS 11.8%
CVE-2016-6566 | — | The Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database | EPSS 11.8%
CVE-2024-6028 | CRITICAL | Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter | EPSS 11.8%
CVE-2022-0817 | — | BadgeOS <= 3.7.0 - Unauthenticated SQLi | EPSS 11.5%
CVE-2022-0867 | — | ARPrice Lite < 3.6.1 - Unauthenticated SQLi | EPSS 11.3%
CVE-2025-27892 | MEDIUM | Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists b | EPSS 11.3%
CVE-2021-24507 | — | Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection | EPSS 11.3%