CWE-89: SQL Injection
9,001 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-89 (page 1 of 181)
- CVE-2005-4891 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-01-15
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
- CVE-2007-10001 | LOW | CVSS 3.5 | EG 7.5 | 2023-01-05
A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix th…
- CVE-2007-10002 | HIGH | CVSS 7.3 | EG 9.8 | 2023-01-08
A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injecti…
- CVE-2007-10003 | MEDIUM | CVSS 6.3 | EG 6.3 | 2023-10-29
A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The m…
- CVE-2008-10003 | MEDIUM | CVSS 6.3 | EG 9.8 | 2023-03-05
A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch t…
- CVE-2008-10004 | MEDIUM | CVSS 6.3 | EG 9.8 | 2023-03-06
A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument na…
- CVE-2009-4899 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-10-28
pixelpost 1.7.1 has SQL injection
- CVE-2010-10003 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-04
A vulnerability classified as critical was found in gesellix titlelink on Joomla. Affected by this vulnerability is an unknown functionality of the file plugin_content_title.php. The manipulation of the argument phrase leads to sql injecti…
- CVE-2010-10007 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-18
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql in…
- CVE-2010-10009 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-18
A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended t…
- CVE-2010-3662 | HIGH | CVSS 8.8 | EG 8.8 | 2019-11-04
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
- CVE-2011-0467 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-07
A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versio…
- CVE-2011-10001 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-18
A vulnerability was found in iamdroppy phoenixcf. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file content/2-Community/articles.cfm. The manipulation leads to sql injection. The patch…
- CVE-2011-10002 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-02-07
A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this iss…
- CVE-2011-10003 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-02-07
A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is …
- CVE-2011-1151 | CRITICAL | CVSS 9.1 | EG 9.1 | 2020-02-05
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.
- CVE-2011-1933 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-11-26
SQL injection vulnerability in Jifty::DBI before 0.68.
- CVE-2011-1939 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-11-26
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
- CVE-2011-2715 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-01-14
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
- CVE-2011-2936 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-11-12
Elgg through 1.7.10 has a SQL injection vulnerability
- CVE-2011-3583 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-11-26
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters a…
- CVE-2011-3584 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-11-26
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.
- CVE-2011-4094 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-01-21
Jara 1.6 has a SQL injection vulnerability.
- CVE-2011-5020 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-01-10
An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011.
- CVE-2011-5266 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-01-08
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.
- CVE-2012-10006 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-18
A vulnerability classified as critical has been found in ale7714 sigeprosi. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 5291886f6c992316407c376145d331169c55f25b. It is recommended t…
- CVE-2012-10008 | MEDIUM | CVSS 6.3 | EG 9.8 | 2023-02-20
A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use vers…
- CVE-2012-10009 | HIGH | CVSS 7.3 | EG 9.8 | 2023-03-21
A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is…
- CVE-2012-10011 | MEDIUM | CVSS 6.3 | EG 9.8 | 2023-04-09
A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPress. It has been rated as critical. Affected by this issue is the function hd_add_media/hd_update_media of the file functions.php. The manipulation of the argument name l…
- CVE-2012-10047 | CRITICAL | CVSS 10.0 | EG 0.0 | 2025-08-08
Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL …
- CVE-2012-1124 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-02-11
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.
- CVE-2012-1259 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-01-09
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip par…
- CVE-2012-3336 | HIGH | CVSS 8.8 | EG 8.8 | 2020-09-01
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete infor…
- CVE-2012-4383 | HIGH | CVSS 8.8 | EG 8.8 | 2020-01-29
contao prior to 2.11.4 has a sql injection vulnerability
- CVE-2012-5698 | HIGH | CVSS 8.8 | EG 8.8 | 2020-01-23
BabyGekko before 1.2.4 has SQL injection.
- CVE-2012-5872 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-04-26
ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.
- CVE-2012-6719 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-08-28
The sharebar plugin before 1.2.2 for WordPress has SQL injection.
- CVE-2013-10003 | MEDIUM | CVSS 6.5 | EG 9.8 | 2022-05-24
A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation lea…
- CVE-2013-10008 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-06
A vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is e096c5849c4dc09e1074104531014a62a5413884. It is recommende…
- CVE-2013-10009 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-07
A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c…
- CVE-2013-10011 | MEDIUM | CVSS 6.3 | EG 9.8 | 2023-01-12
A vulnerability was found in aeharding classroom-engagement-system and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. The attack may be launched remotely. The name of …
- CVE-2013-10012 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-16
A vulnerability, which was classified as critical, was found in antonbolling clan7ups. Affected is an unknown function of the component Login/Session. The manipulation leads to sql injection. The name of the patch is 25afad571c488291033958…
- CVE-2013-10013 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-17
A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthentic…
- CVE-2013-10014 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-19
A vulnerability classified as critical has been found in oktora24 2moons. Affected is an unknown function. The manipulation leads to sql injection. The patch is identified as 1b09cf7672eb85b5b0c8a4de321f7a4ad87b09a7. It is recommended to a…
- CVE-2013-10015 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-02-03
A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injectio…
- CVE-2013-10016 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-02-03
A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The patch is na…
- CVE-2013-10017 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-02-04
A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the p…
- CVE-2013-10018 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-02-04
A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/…
- CVE-2013-10019 | MEDIUM | CVSS 6.3 | EG 9.8 | 2023-02-20
A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.62…
- CVE-2013-10023 | MEDIUM | CVSS 6.3 | EG 9.8 | 2023-04-08
A vulnerability was found in Editorial Calendar Plugin up to 2.6 on WordPress. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edca…