Fallos del tipo CWE-89

11.633 resultados
CVE-2020-15176HIGHSQL injection in GLPIEPSS 1.1%CVE-2017-12302A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact tEPSS 1.1%CVE-2022-40944CRITICALDairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.EPSS 1.1%CVE-2020-21400HIGHSQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modiEPSS 1.1%CVE-2020-20491HIGHSQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin functionEPSS 1.1%CVE-2024-8944MEDIUMcode-projects Hospital Management System check_availability.php sql injectionEPSS 1.1%CVE-2024-13478HIGHLTL Freight Quotes – TForce Edition <= 3.6.4 - Unauthenticated SQL InjectionEPSS 1.1%CVE-2024-2014HIGHPanabit Panalog sprog_upstatus.php sql injectionEPSS 1.1%CVE-2020-7383MEDIUMSQL Injection in Rapid7 NexposeEPSS 1.1%CVE-2022-42109CRITICALOnline-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.EPSS 1.1%CVE-2022-2421CRITICALSocket.io - Improper type validation in attachment parsingEPSS 1.1%CVE-2022-37205HIGHJFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its EPSS 1.1%CVE-2022-37209HIGHJFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its EPSS 1.1%CVE-2023-37177CRITICALSQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via thEPSS 1.1%CVE-2024-55988CRITICALWordPress Navayan CSV Export Plugin <= 1.0.9 - SQL Injection vulnerabilityEPSS 1.1%CVE-2025-59499HIGHMicrosoft SQL Server Elevation of Privilege VulnerabilityEPSS 1.1%CVE-2021-33735A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitEPSS 1.1%CVE-2019-7478A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8EPSS 1.1%CVE-2021-25023Speed Booster Pack < 4.3.3.1 - Admin+ SQL InjectionEPSS 1.1%CVE-2024-46532CRITICALSQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.classEPSS 1.1%