Weaknesses of type CWE-89
11,610 resultsCVE-2020-24400HIGHSQL injection allows arbitrary read from databaseEPSS 2.3%CVE-2022-44588CRITICALWordPress Cryptocurrency Widgets Pack Plugin <=1.8.1 is vulnerable to SQL InjectionEPSS 2.3%CVE-2024-30498CRITICALWordPress CRM Perks Forms plugin <= 1.1.4 - Unauthenticated SQL Injection vulnerabilityEPSS 2.3%CVE-2024-30502CRITICALWordPress WP Travel Engine plugin <= 5.7.9 - Unauth. Blind SQL Injection vulnerabilityEPSS 2.3%CVE-2024-30490CRITICALWordPress ProfileGrid plugin <= 5.7.8 - SQL Injection vulnerabilityEPSS 2.3%CVE-2019-5151CRITICALAn exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injectiEPSS 2.3%CVE-2024-46908HIGHWhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation VulnerabilityEPSS 2.3%CVE-2024-46907HIGHWhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation VulnerabilityEPSS 2.3%CVE-2024-46905HIGHWhatsUp Gold GetOrderByClause SQL Injection Privilege Escalation VulnerabilityEPSS 2.3%CVE-2021-4088HIGHBlind SQL injection in DLP ePO extensionEPSS 2.3%CVE-2016-7919HIGHMoodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting tEPSS 2.2%CVE-2024-36840CRITICALSQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive EPSS 2.2%CVE-2025-52472CRITICALXWiki Platform vulnerable to HQL injection via wiki and space search REST APIEPSS 2.2%CVE-2023-49954CRITICALThe CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email addressEPSS 2.2%CVE-2023-50578CRITICALMingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.EPSS 2.2%CVE-2021-24959—WP Email Users <= 1.7.6 - Subscriber+ SQL InjectionEPSS 2.2%CVE-2017-12710—A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, itEPSS 2.2%CVE-2024-51211CRITICALSQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is duEPSS 2.2%CVE-2025-1023CRITICALSQL Injection in ChurchCRM newCountName Parameter via EditEventTypes.phpEPSS 2.2%CVE-2019-10208HIGHA flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x beforEPSS 2.2%