CWE-89 vulnerabilities

11,540 results
CVE-2025-25181 (MEDIUM; EPSS 50.4%; KEV): A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL
CVE-2024-8275 (CRITICAL; EPSS 49.7%): The Events Calendar <= 6.6.4 - Unauthenticated SQL Injection
CVE-2023-46347 (CRITICAL; EPSS 49.6%): In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform S
CVE-2023-35924 (HIGH; EPSS 49.4%): GLPI vulnerable to SQL injection via inventory agent request
CVE-2017-17420 (EPSS 48.8%): This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authent
CVE-2023-51595 (CRITICAL; EPSS 48.2%): Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability
CVE-2024-5725 (HIGH; EPSS 47.6%): Centreon initCurveList SQL Injection Remote Code Execution Vulnerability
CVE-2019-15984 (HIGH; EPSS 46.9%): Cisco Data Center Network Manager SQL Injection Vulnerabilities
CVE-2021-24442 (EPSS 46.9%): Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection
CVE-2025-2011 (HIGH; EPSS 46.7%): Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter
CVE-2021-33731 (EPSS 46.6%): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbit
CVE-2020-25695 (EPSS 46.4%): A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker h
CVE-2024-24401 (CRITICAL; EPSS 45.9%): SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitorin
CVE-2023-4708 (MEDIUM; EPSS 45.6%): Infosoftbd Clcknshop GET Parameter all sql injection
CVE-2023-41887 (CRITICAL; EPSS 45.5%): Remote Code exec in project import with mysql jdbc url attack
CVE-2022-0332 (EPSS 44.9%): A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for
CVE-2023-36808 (HIGH; EPSS 44.6%): GLPI vulnerable to SQL injection through Computer Virtual Machine information
CVE-2024-48307 (CRITICAL; EPSS 44.3%): JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
CVE-2022-0479 (EPSS 44.1%): Popup Builder < 4.1.1 - SQL Injection to Reflected Cross-Site Scripting
CVE-2023-29154 (HIGH; EPSS 44.0%): SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product wit