Weaknesses of type CWE-89
11,612 resultsCVE-2021-29090HIGHImproper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo StatioEPSS 1.7%CVE-2026-34885HIGHWordPress Media LIbrary Assistant plugin <= 3.34 - SQL Injection vulnerabilityEPSS 1.7%CVE-2024-55982CRITICALWordPress Share Buttons – Social Media plugin <= 1.0.2 - SQL Injection vulnerabilityEPSS 1.7%CVE-2024-32844HIGHSQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticEPSS 1.7%CVE-2024-34784HIGHSQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticEPSS 1.7%CVE-2024-34780HIGHSQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticEPSS 1.7%CVE-2024-34782HIGHSQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticEPSS 1.7%CVE-2023-3047CRITICALSQLi in TMT's LockcellEPSS 1.7%CVE-2025-10090MEDIUMJinher OA GetTreeDate.aspx sql injectionEPSS 1.7%CVE-2025-9744MEDIUMCampcodes Online Loan Management System ajax.php sql injectionEPSS 1.7%CVE-2022-31197HIGHSQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbcEPSS 1.7%CVE-2021-24728—Paid Member Subscriptions < 2.4.2 - Authenticated SQL InjectionEPSS 1.7%CVE-2018-7501—In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prioEPSS 1.7%CVE-2021-24727—Block and Stop Bad Bots < 6.60 - Authenticated SQL InjectionsEPSS 1.7%CVE-2023-29622CRITICALPurchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/lEPSS 1.7%CVE-2024-2387MEDIUMAdvanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms <= 1.82.0 - SQL Injection to Reflected Cross-Site Scripting via integration_idEPSS 1.7%CVE-2023-32590CRITICALWordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to SQL InjectionEPSS 1.6%CVE-2017-12731—A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSiEPSS 1.6%CVE-2021-22847HIGHHyweb HyCMS-J1 - SQL InjectionEPSS 1.6%CVE-2023-2215MEDIUMCampcodes Coffee Shop POS System manage_user.php sql injectionEPSS 1.6%