Weaknesses of type CWE-89

11,795 results
CVE-2023-3396MEDIUMCampcodes Retro Cellphone Online Store index.php sql injectionEPSS 0.6%CVE-2024-1530MEDIUMECshop view_sendlist.php sql injectionEPSS 0.6%CVE-2025-32848HIGHA vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injEPSS 0.6%CVE-2025-32853HIGHA vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injEPSS 0.6%CVE-2025-36588HIGHDell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL InjEPSS 0.6%CVE-2024-2478MEDIUMBradWenqiang HR Background Management register selectAll sql injectionEPSS 0.6%CVE-2022-25775MEDIUMSQL Injection in dynamic ReportsEPSS 0.6%CVE-2024-0558MEDIUMDedeBIZ makehtml_freelist_action.php sql injectionEPSS 0.6%CVE-2024-41237CRITICALA SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to executeEPSS 0.6%CVE-2025-50567CRITICALSaurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecaEPSS 0.6%CVE-2024-6735MEDIUMitsourcecode Tailoring Management System setgeneral.php sql injectionEPSS 0.6%CVE-2024-25845CRITICALIn the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injeEPSS 0.6%CVE-2018-25057MEDIUMsimple_php_link_shortener index.php sql injectionEPSS 0.6%CVE-2024-25526HIGHRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_incEPSS 0.6%CVE-2024-0730MEDIUMProject Worlds Online Time Table Generator course_ajax.php sql injectionEPSS 0.6%CVE-2024-56047HIGHWordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ SQL Injection vulnerabilityEPSS 0.6%CVE-2024-0729MEDIUMForU CMS cms_admin.php sql injectionEPSS 0.6%CVE-2025-44033CRITICALSQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaraEPSS 0.6%CVE-2024-51165HIGHSQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to suEPSS 0.6%CVE-2024-8221MEDIUMSourceCodester Music Gallery Site manage_category.php sql injectionEPSS 0.6%