CWE-89 flaws

11,623 results
CVE-2025-6095 [MEDIUM] codesiddhant Jasmin Ransomware checklogin.php sql injection (EPSS 1.5%)
CVE-2020-12014 Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL co (EPSS 1.5%)
CVE-2019-5150 [HIGH] An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthentica (EPSS 1.5%)
CVE-2021-22854 [HIGH] Soar Cloud System Co., Ltd. HR Portal - SQL Injection (EPSS 1.5%)
CVE-2024-50672 [CRITICAL] A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administ (EPSS 1.5%)
CVE-2021-24631 Unlimited PopUps <= 4.5.3 - Author+ SQL Injection (EPSS 1.5%)
CVE-2021-24630 Schreikasten <= 0.14.18 - Author+ SQL Injections (EPSS 1.5%)
CVE-2021-24726 WP Simple Booking Calendar <= 2.0.6 (before 07/12/2021) - Authenticated SQL Injection (EPSS 1.5%)
CVE-2022-0478 Event Manager for WooCommerce < 3.5.8 - Contributor+ SQL Injection (EPSS 1.5%)
CVE-2026-28501 [CRITICAL] WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php (EPSS 1.5%)
CVE-2022-1683 amtyThumb <= 4.2.0 - Subscriber+ SQLi (EPSS 1.5%)
CVE-2025-47172 [HIGH] Microsoft SharePoint Server Remote Code Execution Vulnerability (EPSS 1.5%)
CVE-2020-13592 [MEDIUM] An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A speciall (EPSS 1.5%)
CVE-2020-13591 [MEDIUM] An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A s (EPSS 1.5%)
CVE-2020-13587 [MEDIUM] An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A (EPSS 1.5%)
CVE-2017-17919 [HIGH] SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL comman (EPSS 1.5%)
CVE-2021-24137 Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection (EPSS 1.5%)
CVE-2021-24149 Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection (EPSS 1.5%)
CVE-2021-24772 Stream < 3.8.2 - Admin+ SQL Injection (EPSS 1.5%)
CVE-2022-31890 [CRITICAL] SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via (EPSS 1.5%)