CVE Daily
← All tags

Tag: SQL Injection

All CVEs associated with "SQL Injection". Page 5/5 • 535 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-04-02
Medium

CVE-2024-12410

The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user suppl…

CVSS: 4.9 CWE: CWE-89
Read more
2025-03-26
High

CVE-2025-30217

Frappe is a full-stack web application framework. Prior to versions 14.93.2 and 15.55.0, a SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to a…

CVSS: 7.5 CWE: CWE-89
Read more
2025-03-25
High

CVE-2025-30212

Frappe is a full-stack web application framework. An SQL Injection vulnerability has been identified in Frappe Framework prior to versions 14.89.0 and 15.51.0 which could allow a malicious actor to a…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2024-53678

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that…

CVSS: 8.8 CWE: CWE-89
Read more
2025-03-20
High

CVE-2024-12911

A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary fi…

CVSS: 7.1 CWE: CWE-379
Read more
Critical

CVE-2024-12909

A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. This vul…

CVSS: 9.8 CWE: CWE-89
Read more
Critical

CVE-2024-11958

A SQL injection vulnerability exists in the `duckdb_retriever` component of the run-llama/llama_index repository, specifically in the latest version. The vulnerability arises from the construction of…

CVSS: 9.8 CWE: CWE-89
Read more
2025-03-18
High

CVE-2025-24799

GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2025-21619

GLPI is a free asset and IT management software package. An administrator user can perfom a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18.

CVSS: 9.8 CWE: CWE-89
Read more
2025-03-14
Low

CVE-2022-29059

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below…

CVSS: 2.7 CWE: CWE-89
Read more
2025-03-11
Medium

CVE-2024-54026

An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox Cloud version 23.4, FortiSandbox at least 4.4.0 through 4.4.6 and 4.2.0 through 4.2.7…

CVSS: 4.3 CWE: CWE-89
Read more
Medium

CVE-2024-33501

Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager ve…

CVSS: 4.2 CWE: CWE-89
Read more
2025-02-24
High

CVE-2025-26533

An SQL injection risk was identified in the module list filter within course search.

CVSS: 8.1 CWE: CWE-89
Read more
2025-02-06
Critical

CVE-2025-22992

A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query para…

CVSS: 9.8 CWE: CWE-89
Read more
2025-01-14
High

CVE-2023-37931

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenti…

CVSS: 8.8 CWE: CWE-89
Read more
2025-01-07
Medium

CVE-2024-12332

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on t…

CVSS: 6.5 CWE: CWE-89
Read more
2024-12-10
High

CVE-2024-52538

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'…

CVSS: 7.6 CWE: CWE-89
Read more
High

CVE-2024-47977

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'…

CVSS: 7.1 CWE: CWE-89
Read more
High

CVE-2024-47484

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'…

CVSS: 8.2 CWE: CWE-89
Read more
2024-12-09
Critical

CVE-2024-53947

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows at…

CVSS: 9.8 CWE: CWE-89
Read more
2024-12-02
High

CVE-2024-53792

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiboko Labs Watu Quiz allows SQL Injection.This issue affects Watu Quiz: from n/a through 3.4.2.

CVSS: 8.5 CWE: CWE-89
Read more
2024-11-19
High

CVE-2024-52360

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modif…

CVSS: 7.6 CWE: CWE-89
Read more
2024-11-08
Critical

CVE-2024-51211

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id para…

CVSS: 9.8 CWE: CWE-89
Read more
2024-11-07
High

CVE-2024-43436

A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators.

CVSS: 7.2 CWE: CWE-89
Read more
2024-10-23
Medium

CVE-2024-10296

A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/card-bwdate…

CVSS: 4.7 CWE: CWE-89
Read more
2024-10-22
High

CVE-2024-39753

An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the abi…

CVSS: 7.5 CWE: CWE-89
Read more
2024-10-15
High

CVE-2024-35584

SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier version…

CVSS: 8.8 CWE: CWE-89
Read more
2024-10-13
Critical

CVE-2024-7099

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `ge…

CVSS: 9.8 CWE: CWE-89
Read more
2024-10-02
High

CVE-2024-46626

OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload.

CVSS: 8.8 CWE: CWE-89
Read more
2024-06-12
High

CVE-2024-36263

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarin…

CVSS: 8.1 CWE: CWE-89
Read more
2024-05-22
Critical

CVE-2023-51637

Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Serv…

CVSS: 9.8 CWE: CWE-89
Read more
2024-05-20
High

CVE-2024-34949

SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoin…

CVSS: 8.2 CWE: CWE-89
Read more
2024-05-03
Medium

CVE-2023-35720

ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX9…

CVSS: 6.5 CWE: CWE-89
Read more
2024-05-02
High

CVE-2024-33911

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4.

CVSS: 7.6 CWE: CWE-89
Read more
2024-04-01
High

CVE-2024-23119

Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authenticat…

CVSS: 8.8 CWE: CWE-89
Read more
High

CVE-2024-23118

Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authe…

CVSS: 7.2 CWE: CWE-89
Read more
High

CVE-2024-23117

Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Au…

CVSS: 7.2 CWE: CWE-89
Read more
High

CVE-2024-23116

Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authenticatio…

CVSS: 7.2 CWE: CWE-89
Read more
High

CVE-2024-23115

Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is…

CVSS: 7.2 CWE: CWE-89
Read more
Critical

CVE-2024-1863

Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server…

CVSS: 9.8 CWE: CWE-89
Read more
High

CVE-2024-0637

Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication…

CVSS: 8.8 CWE: CWE-89
Read more
2024-03-28
Medium

CVE-2024-29239

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 an…

CVSS: 5.4 CWE: CWE-89
Read more
Medium

CVE-2024-29238

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0…

CVSS: 5.4 CWE: CWE-89
Read more
Medium

CVE-2024-29237

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-…

CVSS: 5.4 CWE: CWE-89
Read more
Medium

CVE-2024-29236

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0…

CVSS: 5.4 CWE: CWE-89
Read more
Medium

CVE-2024-29235

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9…

CVSS: 5.4 CWE: CWE-89
Read more
Medium

CVE-2024-29234

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 al…

CVSS: 5.4 CWE: CWE-89
Read more
Medium

CVE-2024-29233

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 a…

CVSS: 5.4 CWE: CWE-89
Read more
Medium

CVE-2024-29232

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 al…

CVSS: 5.4 CWE: CWE-89
Read more
Medium

CVE-2024-29230

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and…

CVSS: 5.4 CWE: CWE-89
Read more
Medium

CVE-2024-29227

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-1…

CVSS: 5.4 CWE: CWE-89
Read more
2024-03-21
High

CVE-2024-24813

Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have per…

CVSS: 7.5 CWE: CWE-89
Read more
2024-02-06
Medium

CVE-2024-1251

A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DEL…

CVSS: 5.5 CWE: CWE-89
Read more
2023-12-21
Medium

CVE-2023-7021

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/delete_search.php. The manipulation of…

CVSS: 6.3 CWE: CWE-89
Read more
2023-08-14
Critical

CVE-2023-37847

novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.

CVSS: 9.8 CWE: CWE-89
Read more