Weaknesses of type CWE-89

11,848 results
CVE-2025-53091CRITICALWeGIA has Unauthenticated Time-Based Blind SQL Injection in almox ParameterEPSS 0.5%CVE-2024-3200CRITICALwpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL InjectionEPSS 0.5%CVE-2024-57162HIGHCampcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php.EPSS 0.5%CVE-2026-1121MEDIUMYonyou KSOA HTTP GET Parameter del_workplan.jsp sql injectionEPSS 0.5%CVE-2025-45020HIGHA SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System vEPSS 0.5%CVE-2025-1929HIGHSQLi in RiskTurk's Treasury Management SoftwareEPSS 0.5%CVE-2026-27461MEDIUMPimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clauseEPSS 0.5%CVE-2024-4743HIGHLifterLMS – WordPress LMS Plugin for eLearning <= 7.6.2 - Authenticated (Contributor+) SQL Injection via ShortcodeEPSS 0.5%CVE-2024-31507HIGHSourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetch_gendercs.php.EPSS 0.5%CVE-2024-41802HIGHXibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Data ImportEPSS 0.5%CVE-2023-0673MEDIUMSourceCodester Online Eyewear Shop sql injectionEPSS 0.5%CVE-2025-4559CRITICALNetvision ISOinsight - SQL InjectionEPSS 0.5%CVE-2026-7815HIGHpgAdmin 4: SQL injection in Maintenance tool option values leading to remote code executionEPSS 0.5%CVE-2025-11309MEDIUMTipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findDeptPage.do doFilter sql injectionEPSS 0.5%CVE-2026-39948CRITICALCacti has SQL Injection via rfilter parameter in RLIKE clausesEPSS 0.5%CVE-2025-4020MEDIUMPHPGurukul Old Age Home Management System contact.php sql injectionEPSS 0.5%CVE-2024-3720MEDIUMTianwell Fire Intelligent Command Platform API Interface page sql injectionEPSS 0.5%CVE-2025-10857MEDIUMCampcodes Point of Sale System POS login.php sql injectionEPSS 0.5%CVE-2024-40539MEDIUMmy-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.EPSS 0.5%CVE-2024-52436HIGHWordPress Post SMTP plugin <= 2.9.9 - SQL Injection vulnerabilityEPSS 0.5%