AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the "preview parameter."
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in t
Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability.
A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" paramete
EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.
A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket_id parameter.
A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.
Craft is a content management system (CMS). The ElementSearchController::actionSearch() endpoint is missing the unset() protection that was added to ElementIndexesController in CVE-2026-25495. The exa
yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface.
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attack
A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attacke
A SQL injection in Articles Good Search extension 1.0.0 - 1.2.4.0011 for Joomla allows attackers to execute arbitrary SQL commands.
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal to version 2.1
SIGB PMB before 8.0.1.2 allows SQL injection.
Page 1+ Next →