CWE-89: SQL Injection
8,999 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-89 (page 2 of 180)
- CVE-2013-1400 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-02-13
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action.
- CVE-2013-1401 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-02-13
Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll.
- CVE-2013-2018 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-02-20
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2013-2091 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-11-20
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
- CVE-2013-2738 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-11-01
minidlna has SQL Injection that may allow retrieval of arbitrary files.
- CVE-2013-2745 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-12-04
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0.
- CVE-2013-3000 | CRITICAL | CVSS 9.8 | 2018-07-09
SQL injection vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. IBM X-Force ID: 84116.
- CVE-2013-3638 | HIGH | CVSS 8.8 | EG 8.8 | 2020-02-06
SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.
- CVE-2013-3932 | HIGH | CVSS 8.8 | EG 8.8 | 2020-01-02
SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile act…
- CVE-2013-4717 | HIGH | CVSS 8.8 | EG 8.8 | 2021-08-09
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vecto…
- CVE-2013-5743 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-12-11
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
- CVE-2013-5945 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-02-11
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware b…
- CVE-2014-10376 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-08-16
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
- CVE-2014-10379 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-08-21
The duplicate-post plugin before 2.6 for WordPress has SQL injection.
- CVE-2014-10387 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-08-22
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.
- CVE-2014-125029 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-07
A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id l…
- CVE-2014-125032 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-02
A vulnerability was found in porpeeranut go-with-me. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file module/frontend/add.php. The manipulation leads to sql injection. The identifier …
- CVE-2014-125037 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-02
A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to sql injection. The patch is named cd11cf174f361c98e9…
- CVE-2014-125038 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-02
A vulnerability has been found in IS_Projecto2 and classified as critical. This vulnerability affects unknown code of the file Cnn-EJB/ejbModule/ejbs/NewsBean.java. The manipulation of the argument date leads to sql injection. The name of …
- CVE-2014-125040 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-05
A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument …
- CVE-2014-125041 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-05
A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as e412127d07004668e5a213932c94807d87067a1f. It is recommended …
- CVE-2014-125045 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-05
A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability is the function GetAnimal of the file opdracht4/index.php. The manipulation of the argument where leads to sql injection. The identifier of …
- CVE-2014-125046 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-06
A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The patch is named b4bc1a328b1f59437db…
- CVE-2014-125047 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-06
A vulnerability classified as critical has been found in tbezman school-store. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 2957fc97054216d3a393f1775efd01ae2b072001. It is recommende…
- CVE-2014-125049 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-06
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to sql injection. The name o…
- CVE-2014-125050 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-06
A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaee…
- CVE-2014-125051 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-06
A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injecti…
- CVE-2014-125052 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-06
A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. T…
- CVE-2014-125053 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-06
A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument s…
- CVE-2014-125058 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-07
A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function search_first_name of the file search.rb. The manipulation leads to sql injection. The patch is named d3efa17ae9f6b2fc25a6bbc…
- CVE-2014-125061 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-07
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical. Affected by this issue is the function select_transfer_status_desc of the file lib/common.rb. The manipulation leads to sql injection.…
- CVE-2014-125062 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-07
A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The identifier of the…
- CVE-2014-125063 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-07
A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identifier of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is r…
- CVE-2014-125065 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-07
A vulnerability, which was classified as critical, was found in john5223 bottle-auth. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is 99cfbcc0c1429096e3479744223ffb4fda276875. It is recomm…
- CVE-2014-125067 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-08
A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql inject…
- CVE-2014-125072 | MEDIUM | CVSS 5.5 | EG 7.8 | 2023-01-09
A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The patch is named f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a pa…
- CVE-2014-125073 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-10
A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to sql injection. The patch is identif…
- CVE-2014-125074 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-11
A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The id…
- CVE-2014-125075 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-11
A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The identifier of the patch is 5d72753c2e95bb373aa8682493939…
- CVE-2014-125076 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-11
A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The patch is identif…
- CVE-2014-125077 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-15
A vulnerability, which was classified as critical, has been found in pointhi searx_stats. This issue affects some unknown processing of the file cgi/cron.php. The manipulation leads to sql injection. The patch is named 281bd679a4474ddb222d…
- CVE-2014-125079 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-15
A vulnerability was found in agy pontifex.http. It has been declared as critical. This vulnerability affects unknown code of the file lib/Http.coffee. The manipulation leads to sql injection. Upgrading to version 0.1.0 is able to address t…
- CVE-2014-125081 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-17
A vulnerability, which was classified as critical, has been found in risheesh debutsav. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named 7a8430df79277c613449262201cc792db894fc76. It is…
- CVE-2014-125082 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-18
A vulnerability was found in nivit redports. It has been declared as critical. This vulnerability affects unknown code of the file redports-trac/redports/model.py. The manipulation leads to sql injection. The name of the patch is fc2c1ea1b…
- CVE-2014-125083 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-01-19
A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql…
- CVE-2014-125084 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-02-06
A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2 on vBulletin. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql …
- CVE-2014-125085 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-02-06
A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2 on vBulletin. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. U…
- CVE-2014-125086 | MEDIUM | CVSS 5.5 | EG 9.8 | 2023-02-06
A vulnerability has been found in Gimmie Plugin 1.2.2 on vBulletin and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql i…
- CVE-2014-125091 | MEDIUM | CVSS 4.7 | EG 9.8 | 2023-03-04
A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to…
- CVE-2014-125099 | MEDIUM | CVSS 6.3 | EG 6.3 | 2023-04-20
A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql inj…