CWE-89 flaws

11,633 results
CVE-2019-3797 | LOW | Additional information exposure with Spring Data JPA derived queries | EPSS 1.1%
CVE-2022-40043 | HIGH | Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Not | EPSS 1.1%
CVE-2021-31869 | MEDIUM | Pimcore AdminBundle 'specificID' SQL Injection | EPSS 1.1%
CVE-2024-10835 | CRITICAL | Arbitrary File Write via SQL Injection in eosphoros-ai/db-gpt | EPSS 1.1%
CVE-2021-1365 | HIGH | Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities | EPSS 1.1%
CVE-2021-1363 | HIGH | Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities | EPSS 1.1%
CVE-2022-38923 | CRITICAL | BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-bas | EPSS 1.1%
CVE-2024-42361 | HIGH | GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull} | EPSS 1.1%
CVE-2022-37208 | HIGH | JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its | EPSS 1.1%
CVE-2025-13652 | MEDIUM | CBX Bookmark & Favorite <= 2.0.4 - Authenticated (Subscriber+) SQL Injection via `orderby` Parameter | EPSS 1.1%
CVE-2022-32211 | HIGH | A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password t | EPSS 1.1%
CVE-2017-20067 | HIGH | Hindu Matrimonial Script sql injection | EPSS 1.1%
CVE-2021-21427 | CRITICAL | Backport for CVE-2021-21024 Blind SQLi from Magento 2 | EPSS 1.1%
CVE-2024-31821 | HIGH | SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker t | EPSS 1.1%
CVE-2021-44779 | HIGH | WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability | EPSS 1.1%
CVE-2023-4407 | MEDIUM | Codecanyon Credit Lite POST Request account_statement sql injection | EPSS 1.1%
CVE-2023-25158 | CRITICAL | Unfiltered SQL Injection in Geotools | EPSS 1.1%
CVE-2022-48011 | CRITICAL | Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. | EPSS 1.1%
CVE-2023-31938 | HIGH | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id par | EPSS 1.1%
CVE-2023-31939 | HIGH | SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_i | EPSS 1.1%