Weaknesses of type CWE-89
11,612 resultsCVE-2024-36428HIGHOrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.EPSS 1.7%CVE-2014-125115CRITICALPandora FMS ≤ 5.0 SP2 Default Credential SQL Injection RCEEPSS 1.7%CVE-2024-32655HIGHNpgsql Vulnerable to SQL Injection via Protocol Message Size OverflowEPSS 1.7%CVE-2017-3181—Multiple TIBCO Spotfire components are vulnerable to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL queryEPSS 1.7%CVE-2021-26609HIGHWordPress Mangboard SQL-Injection vulnerabilityEPSS 1.7%CVE-2019-11821HIGHSQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackEPSS 1.7%CVE-2021-41971—Possible SQL Injection when template processing is enabledEPSS 1.7%CVE-2026-46364CRITICALphpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptchaEPSS 1.7%CVE-2020-5725—The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthEPSS 1.7%CVE-2025-2221HIGHWPCOM Member <= 1.7.6 - Unauthenticated Time-Based SQL InjectionEPSS 1.7%CVE-2021-24949—The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL InjectionEPSS 1.7%CVE-2025-6403MEDIUMcode-projects School Fees Payment System student.php sql injectionEPSS 1.7%CVE-2023-30839CRITICALPrestaShop vulnerable to SQL filter bypass leading to arbitrary write requests using "SQL Manager"EPSS 1.7%CVE-2023-39359HIGHAuthenticated SQL injection vulnerability in graphs.php in CactiEPSS 1.7%CVE-2023-39358HIGHAuthenticated SQL injection vulnerability in reports_user.php in CactiEPSS 1.7%CVE-2023-0904MEDIUMSourceCodester Employee Task Management System task-details.php sql injectionEPSS 1.7%CVE-2020-13525MEDIUMThe sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMEPSS 1.7%CVE-2020-13526MEDIUMSQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an EPSS 1.7%CVE-2024-49574HIGHSQL InjectionEPSS 1.7%CVE-2023-5153MEDIUMD-Link DAR-8000 querysql.php sql injectionEPSS 1.7%