Vulnerabilities of type CWE-89

11,650 results
CVE-2023-30545 | HIGH | PrestaShop arbitrary file read vulnerability | EPSS 0.9%
CVE-2024-29870 | CRITICAL | SQL injection vulnerability in Sentrifugo | EPSS 0.9%
CVE-2024-29871 | CRITICAL | SQL injection vulnerability in Sentrifugo | EPSS 0.9%
CVE-2023-28438 | MEDIUM | Pimcore vulnerable to improper quoting of filters in Custom Reports | EPSS 0.9%
CVE-2024-46626 | HIGH | OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload. | EPSS 0.9%
CVE-2021-36503 | CRITICAL | SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php f | EPSS 0.9%
CVE-2023-28108 | HIGH | Pimcore has improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model | EPSS 0.9%
CVE-2022-38868 | HIGH | SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code. | EPSS 0.9%
CVE-2022-46051 | HIGH | The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks. | EPSS 0.9%
CVE-2024-27289 | HIGH | pgx SQL Injection via Line Comment Creation | EPSS 0.9%
CVE-2022-4151 | MEDIUM | Contest Gallery < 19.1.5 - Admin+ SQL Injection | EPSS 0.9%
CVE-2021-36432 | HIGH | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_set_mask | EPSS 0.9%
CVE-2022-42249 | HIGH | Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=. | EPSS 0.9%
CVE-2023-5709 | HIGH | WD WidgetTwitter <= 1.0.9 - Authenticated (Contributor+) SQL Injection via Shortcode | EPSS 0.9%
CVE-2022-40093 | HIGH | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/up | EPSS 0.9%
CVE-2024-31212 | MEDIUM | SQL injection in index_chart_data action | EPSS 0.9%
CVE-2023-23459 | CRITICAL | Priority Windows – Command Execution via SQL Injection | EPSS 0.9%
CVE-2017-20128 | HIGH | KB Messages PHP Script sql injection | EPSS 0.9%
CVE-2023-40046 | HIGH | WS_FTP Server SQL Injection via Administrative Interface | EPSS 0.9%
CVE-2022-40091 | HIGH | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/up | EPSS 0.9%