Fallos del tipo CWE-89

11.650 resultados
CVE-2023-1595MEDIUMnovel-plus list sql injectionEPSS 0.9%CVE-2022-47859CRITICALLead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php.EPSS 0.9%CVE-2023-37258HIGHDataEase has a SQL injection vulnerability that can bypass blacklistsEPSS 0.9%CVE-2023-1498MEDIUMcode-projects Responsive Hotel Site Newsletter Log messages.php sql injectionEPSS 0.9%CVE-2023-7105MEDIUMcode-projects E-Commerce Website index_search.php sql injectionEPSS 0.9%CVE-2022-43212CRITICALBilling System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php.EPSS 0.9%CVE-2023-3307MEDIUMminiCal sql injectionEPSS 0.9%CVE-2022-43215CRITICALBilling System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php.EPSS 0.9%CVE-2022-48120CRITICALSQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021EPSS 0.9%CVE-2023-48253HIGHThe vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTEPSS 0.9%CVE-2024-37857HIGHSQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to phpEPSS 0.9%CVE-2020-21486HIGHSQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerworEPSS 0.9%CVE-2020-3154MEDIUMCisco Cloud Web Security SQL Injection VulnerabilityEPSS 0.9%CVE-2024-34310HIGHJin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter.EPSS 0.9%CVE-2023-28701CRITICALELITE Web Fax - SQL InjectionEPSS 0.9%CVE-2023-3457MEDIUMSourceCodester Shopping Website index.php sql injectionEPSS 0.9%CVE-2023-3458MEDIUMSourceCodester Shopping Website forgot-password.php sql injectionEPSS 0.9%CVE-2020-27237MEDIUMAn exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclatuEPSS 0.9%CVE-2020-27239MEDIUMAn exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAsseEPSS 0.9%CVE-2015-10122MEDIUMwp-donate Plugin donate-display.php sql injectionEPSS 0.9%