CWE-89 flaws

11,540 results
CVE-2023-41320 [HIGH]: Account takeover via SQL Injection in UI layout preferences in GLPI (EPSS 32.1%)
CVE-2024-30491 [HIGH]: WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.8 - SQL Injection vulnerability (EPSS 32.0%)
CVE-2023-43813 [MEDIUM]: glpi Authenticated SQL Injection (EPSS 31.1%)
CVE-2022-3323 [HIGH]: An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which list (EPSS 30.7%)
CVE-2024-31077 [HIGH]: Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with (EPSS 30.4%)
CVE-2021-20028 [CRITICAL]: Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, s (EPSS 30.1%, KEV)
CVE-2020-13568 [HIGH]: SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an H (EPSS 29.7%)
CVE-2021-36299 [HIGH]: Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authentic (EPSS 29.6%)
CVE-2024-39907 [CRITICAL]: a sqlinjection in 1Panel (EPSS 29.4%)
CVE-2025-29085 [CRITICAL]: SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/e (EPSS 29.1%)
CVE-2023-34991 [CRITICAL]: A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and (EPSS 28.8%)
CVE-2025-3833 [HIGH]: SQL Injection (EPSS 27.8%)
CVE-2021-33732: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbit (EPSS 27.7%)
CVE-2021-33730: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbit (EPSS 27.7%)
CVE-2021-33734: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbit (EPSS 27.7%)
CVE-2021-24340: WP Statistics < 13.0.8 - Unauthenticated SQL Injection (EPSS 26.9%)
CVE-2022-41133 [HIGH]: Delta Electronics DIAEnergie (EPSS 26.6%)
CVE-2022-39066 [HIGH]: There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an (EPSS 26.5%)
CVE-2022-4855 [HIGH]: SourceCodester Lead Management System login.php sql injection (EPSS 26.5%)
CVE-2022-24627 [CRITICAL]: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parame (EPSS 26.4%)