Weaknesses of type CWE-89

11,772 results
CVE-2024-7548HIGHLearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order ParameterEPSS 0.6%CVE-2024-33273CRITICALSQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function.EPSS 0.6%CVE-2024-25521CRITICALRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.EPSS 0.6%CVE-2024-25518CRITICALRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_aEPSS 0.6%CVE-2022-39822HIGHIn NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GETEPSS 0.6%CVE-2025-0532MEDIUMCodezips Gym Management System new_submit.php sql injectionEPSS 0.6%CVE-2024-25509CRITICALRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_fileEPSS 0.6%CVE-2024-25511CRITICALRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.asEPSS 0.6%CVE-2022-4889MEDIUMvisegripped Stracker api.php getHistory sql injectionEPSS 0.6%CVE-2023-7299MEDIUMDataGear resolveSql sql injectionEPSS 0.6%CVE-2022-45589HIGHAll versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks inEPSS 0.6%CVE-2024-25507CRITICALRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.asEPSS 0.6%CVE-2024-8855CRITICALWordPress Auction <= 3.7 - Editor+ SQL InjectionEPSS 0.6%CVE-2024-2566HIGHFujian Kelixin Communication Command and Dispatch Platform get_extension_yl.php sql injectionEPSS 0.6%CVE-2025-47785HIGHEMLOG SQL Injection VulnerabilityEPSS 0.6%CVE-2024-1251MEDIUMTongda OA 2017 delete.php sql injectionEPSS 0.6%CVE-2023-51805HIGHSQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey pEPSS 0.6%CVE-2024-8055HIGHLocal File Read (LFI) by Prompt Injection via SnowFlake SQL in vanna-ai/vannaEPSS 0.6%CVE-2022-42230HIGHSimple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manage_user&id=.EPSS 0.6%CVE-2025-58462CRITICALOPEXUS FOIAXpress PAL SQL injectionEPSS 0.6%