Fallos del tipo CWE-89

11.748 resultados
CVE-2024-6652MEDIUMitsourcecode Gym Management System manage_member.php sql injectionEPSS 0.6%CVE-2014-125084MEDIUMGimmie Plugin trigger_referral.php sql injectionEPSS 0.6%CVE-2024-6731MEDIUMSourceCodester Student Study Center Desk Management System Master.php sql injectionEPSS 0.6%CVE-2023-36361CRITICALAudimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.EPSS 0.6%CVE-2023-5336HIGHiPanorama 360 – WordPress Virtual Tour Builder <= 1.8.0 - Authenticated (Contributor+) SQL Injection via ShortcodeEPSS 0.6%CVE-2024-6732MEDIUMSourceCodester Student Study Center Desk Management System Users.php sql injectionEPSS 0.6%CVE-2024-25524CRITICALRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlaEPSS 0.6%CVE-2024-25518CRITICALRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_aEPSS 0.6%CVE-2024-7548HIGHLearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order ParameterEPSS 0.6%CVE-2024-25521CRITICALRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.EPSS 0.6%CVE-2024-33273CRITICALSQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function.EPSS 0.6%CVE-2022-39822HIGHIn NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GETEPSS 0.6%CVE-2025-47785HIGHEMLOG SQL Injection VulnerabilityEPSS 0.6%CVE-2025-26346MEDIUMA CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserGroupMEPSS 0.6%CVE-2022-4889MEDIUMvisegripped Stracker api.php getHistory sql injectionEPSS 0.6%CVE-2024-25509CRITICALRuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_fileEPSS 0.6%CVE-2025-26348MEDIUMA CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu eEPSS 0.6%CVE-2023-7299MEDIUMDataGear resolveSql sql injectionEPSS 0.6%CVE-2024-2566HIGHFujian Kelixin Communication Command and Dispatch Platform get_extension_yl.php sql injectionEPSS 0.6%CVE-2022-45589HIGHAll versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks inEPSS 0.6%