CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-89

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access Complexity | Authentication | Conf. | Integ. | Avail.

1 | CVE-2023-23824 | 89 | | Sql | 2023-01-23 | 2023-01-24 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versions.

2 | CVE-2023-23490 | 89 | | Sql | 2023-01-20 | 2023-01-26 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.

3 | CVE-2023-23489 | 89 | | Sql | 2023-01-20 | 2023-01-26 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  The Easy Digital Downloads WordPress Plugin, version < 3.1.0.4, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.

4 | CVE-2023-23488 | 89 | | Sql | 2023-01-20 | 2023-01-26 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.

5 | CVE-2023-22959 | 89 | | Sql | 2023-01-11 | 2023-01-18 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName).

6 | CVE-2023-22727 | 89 | | Sql | 2023-01-17 | 2023-01-25 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  CakePHP is a development framework for PHP web apps. In affected versions the `Cake\Database\Query::limit()` and `Cake\Database\Query::offset()` methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by using CakePHP's Pagination library. Manually validating or casting parameters to these methods will also mitigate the issue.

7 | CVE-2023-22494 | 89 | | Sql | 2023-01-13 | 2023-01-13 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  a12nserver is an open source lightweight OAuth2 server. Users of a12nserver that use MySQL might be vulnerable to SQL injection bugs. If you use a12nserver and MySQL, update as soon as possible. This SQL injection bug might let an attacker obtain OAuth2 Access Tokens for users unrelated to those that permitted OAuth2 clients. The knex dependency has been updated to 2.4.0 in a12nserver 0.23.0. There are no known workarounds.

8 | CVE-2023-0516 | 89 | | Sql | 2023-01-26 | 2023-01-26 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219336.

9 | CVE-2023-0515 | 89 | | Sql | 2023-01-26 | 2023-01-26 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219335.

10 | CVE-2023-0332 | 89 | | Sql | 2023-01-17 | 2023-01-24 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file admin/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218472.

11 | CVE-2023-0324 | 89 | | Sql | 2023-01-16 | 2023-01-24 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218426 is the identifier assigned to this vulnerability.

12 | CVE-2023-0305 | 89 | | Sql | 2023-01-15 | 2023-01-25 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file admin_class.php of the component Login Module. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-218386 is the identifier assigned to this vulnerability.

13 | CVE-2023-0304 | 89 | | Sql | 2023-01-15 | 2023-01-25 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A vulnerability classified as critical has been found in SourceCodester Online Food Ordering System. This affects an unknown part of the file admin_class.php of the component Signup Module. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218385 was assigned to this vulnerability.

14 | CVE-2023-0303 | 89 | | Sql | 2023-01-15 | 2023-01-25 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A vulnerability was found in SourceCodester Online Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file view_prod.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218384.

15 | CVE-2023-0283 | 89 | | Sql | 2023-01-13 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file review_search.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218277 was assigned to this vulnerability.

16 | CVE-2023-0281 | 89 | | Sql | 2023-01-13 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A vulnerability was found in SourceCodester Online Flight Booking Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file judge_panel.php. The manipulation of the argument subevent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218276.

17 | CVE-2023-0256 | 89 | | Sql | 2023-01-12 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the component Login Page. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-218184.

18 | CVE-2023-0254 | 89 | | Sql | 2023-01-12 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

19 | CVE-2023-0245 | 89 | | Sql | 2023-01-12 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System. This issue affects some unknown processing of the file add_contestant.php. The manipulation of the argument add_contestant leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218153 was assigned to this vulnerability.

20 | CVE-2023-0244 | 89 | | Sql | 2023-01-12 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file \App\Manage\Controller\KefuController.class.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218152.

21 | CVE-2023-0243 | 89 | | Sql | 2023-01-12 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\Manage\Controller\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-218151.

22 | CVE-2023-0016 | 89 | | Sql | 2023-01-10 | 2023-01-18 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database.

23 | CVE-2022-48090 | 89 | | Sql | 2023-01-13 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php.

24 | CVE-2022-47866 | 89 | | Sql | 2023-01-11 | 2023-01-13 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.

25 | CVE-2022-47865 | 89 | | Sql | 2023-01-11 | 2023-01-13 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php.

26 | CVE-2022-47864 | 89 | | Sql | 2023-01-11 | 2023-01-13 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php.

27 | CVE-2022-47862 | 89 | | Sql | 2023-01-11 | 2023-01-13 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php.

28 | CVE-2022-47861 | 89 | | Sql | 2023-01-11 | 2023-01-13 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php.

29 | CVE-2022-47860 | 89 | | Sql | 2023-01-11 | 2023-01-13 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.

30 | CVE-2022-47859 | 89 | | Sql | 2023-01-11 | 2023-01-13 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php.

31 | CVE-2022-47790 | 89 | | Sql | 2023-01-09 | 2023-01-12 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=.

32 | CVE-2022-47745 | 89 | | Sql | 2023-01-19 | 2023-01-26 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice.

33 | CVE-2022-47740 | 89 | | Sql | 2023-01-19 | 2023-01-26 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php.

34 | CVE-2022-47523 | 89 | | Sql | 2023-01-05 | 2023-01-11 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.

35 | CVE-2022-47105 | 89 | | Sql | 2023-01-19 | 2023-01-26 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.

36 | CVE-2022-46956 | 89 | | Sql | 2023-01-13 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php.

37 | CVE-2022-46955 | 89 | | Sql | 2023-01-13 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue.

38 | CVE-2022-46954 | 89 | | Sql | 2023-01-13 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction.

39 | CVE-2022-46953 | 89 | | Sql | 2023-01-13 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window.

40 | CVE-2022-46952 | 89 | | Sql | 2023-01-13 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user.

41 | CVE-2022-46951 | 89 | | Sql | 2023-01-13 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads.

42 | CVE-2022-46950 | 89 | | Sql | 2023-01-13 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window.

43 | CVE-2022-46949 | 89 | | Sql | 2023-01-13 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet.

44 | CVE-2022-46947 | 89 | | Sql | 2023-01-13 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.

45 | CVE-2022-46946 | 89 | | Sql | 2023-01-13 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand.

46 | CVE-2022-46887 | 89 | | Exec Code Sql | 2023-01-19 | 2023-01-25 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php.

47 | CVE-2022-46764 | 89 | | Exec Code Sql | 2022-12-27 | 2023-01-12 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.

48 | CVE-2022-46763 | 89 | | Exec Code Sql | 2022-12-27 | 2023-01-05 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.

49 | CVE-2022-46623 | 89 | | Sql | 2023-01-12 | 2023-01-20 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter.

50 | CVE-2022-46502 | 89 | | Sql | 2023-01-13 | 2023-01-23 | 0.0 | None | ??? | ??? | ??? | ??? | ???
  Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.