CWE-89 vulnerabilities

11,540 results
CVE-2022-40032 [CRITICAL] EPSS 20.7%: SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attacker
CVE-2022-43775 [CRITICAL] EPSS 20.6%: The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on
CVE-2017-20029 [HIGH] EPSS 20.4%: PHPList Edit Subscription index.php sql injection
CVE-2024-37148 [HIGH] EPSS 20.4%: GLPI allows account takeover via SQL Injection in AJAX scripts
CVE-2022-1556 EPSS 20.4%: StaffList < 3.1.5 - Admin+ SQLi
CVE-2024-32480 [HIGH] EPSS 20.3%: LibreNMS's Time-Based Blind SQL injection leads to database extraction
CVE-2025-36527 [HIGH] EPSS 20.2%: SQL Injection
CVE-2024-39309 [CRITICAL] EPSS 20.2%: ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
CVE-2021-21924 [HIGH] EPSS 20.2%: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilitie
CVE-2023-4548 [MEDIUM] EPSS 20.1%: SPA-Cart eCommerce CMS GET Parameter search sql injection
CVE-2021-38393 EPSS 19.9%: A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5
CVE-2021-38390 EPSS 19.8%: A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5
CVE-2024-6457 [CRITICAL] EPSS 19.7%: HUSKY - Products Filter Professional for WooCommerce <= 1.3.6 - Unauthenticated Time-Based SQL Injection
CVE-2024-8191 [HIGH] EPSS 19.6%: SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker
CVE-2024-31750 [CRITICAL] EPSS 19.4%: SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.
CVE-2022-46887 [CRITICAL] EPSS 19.4%: Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[]
CVE-2022-1378 [CRITICAL] EPSS 19.4%: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This
CVE-2022-1366 [CRITICAL] EPSS 19.4%: Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This al
CVE-2024-32501 [CRITICAL] EPSS 19.2%: A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13,
CVE-2025-64459 [CRITICAL] EPSS 19.1%: Potential SQL injection via _connector keyword argument in QuerySet and Q objects