Falhas do tipo CWE-89
11.540 resultadosCVE-2022-21234CRITICALAn SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP requeEPSS 71.3%CVE-2022-22149CRITICALA SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HEPSS 71.3%CVE-2016-2386CRITICALSQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands vEPSS 71.1%KEVCVE-2026-26980CRITICALGhost has a SQL Injection in its Content APIEPSS 70.0%CVE-2022-21210MEDIUMAn SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP reqEPSS 69.8%CVE-2024-32640CRITICALMasaCMS SQL Injection vulnerabilityEPSS 68.6%CVE-2024-34781HIGHSQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticEPSS 67.7%CVE-2024-23115HIGHCentreon updateGroups SQL Injection Remote Code Execution VulnerabilityEPSS 67.5%CVE-2023-46727HIGHGLPI SQL injection through inventory agent requestEPSS 67.1%CVE-2022-43672CRITICALZoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a diffeEPSS 67.1%CVE-2021-24321—Bello < 1.6.0 - Unauthenticated Blind SQL InjectionEPSS 66.6%CVE-2022-23305CRITICALSQL injection in JDBC Appender in Apache Log4j V1EPSS 66.5%CVE-2021-42131—A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform priviEPSS 66.5%CVE-2024-35286CRITICALA vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection EPSS 65.6%CVE-2023-1578MEDIUM SQL Injection in pimcore/pimcoreEPSS 65.1%CVE-2022-1429HIGHSQL injection in GridHelperService.php in pimcore/pimcoreEPSS 64.6%CVE-2024-29822CRITICALAn unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the samEPSS 64.4%CVE-2024-13162HIGHSQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticEPSS 64.2%CVE-2024-29889HIGHGLPI contains an SQL injection through the saved searchesEPSS 63.2%CVE-2023-6360HIGHThe 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' paEPSS 63.1%