Fallos del tipo CWE-89

11.712 resultados
CVE-2025-22974CRITICALSQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter iEPSS 0.8%CVE-2024-0389MEDIUMSourceCodester Student Attendance System attendance_report.php sql injectionEPSS 0.8%CVE-2023-1365HIGHSourceCodester Online Pizza Ordering System ajax.php sql injectionEPSS 0.8%CVE-2023-2051MEDIUMCampcodes Advanced Online Voting System positions_row.php sql injectionEPSS 0.8%CVE-2023-4740MEDIUMIBOS OA Delete Draft delDraft&archiveId=0 sql injectionEPSS 0.8%CVE-2023-31752CRITICALSourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php.EPSS 0.8%CVE-2022-47790CRITICALSourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=.EPSS 0.8%CVE-2025-62392MEDIUMSQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the dataEPSS 0.8%CVE-2023-26550CRITICALA SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON fieEPSS 0.8%CVE-2022-47740CRITICALSeltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php.EPSS 0.8%CVE-2022-41390CRITICALOcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php.EPSS 0.8%CVE-2022-44139CRITICALApartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.EPSS 0.8%CVE-2023-26905CRITICALAn issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the bEPSS 0.8%CVE-2023-30076CRITICALSourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_evEPSS 0.8%CVE-2023-33734CRITICALBlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php.EPSS 0.8%CVE-2012-5872CRITICALARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPEPSS 0.8%CVE-2023-27052CRITICALE-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/delete_user.php.EPSS 0.8%CVE-2023-31707CRITICALSEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.EPSS 0.8%CVE-2022-43135CRITICALOnline Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostEPSS 0.8%CVE-2023-30203CRITICALJudging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.pEPSS 0.8%