Skip to main content

SQL Injection

web HIGH

SQL injection exploits the way applications construct database queries by mixing user input directly into SQL statements.

How It Works

SQL injection exploits the way applications construct database queries by mixing user input directly into SQL statements. When developers concatenate untrusted data into queries without proper sanitization, attackers can inject SQL syntax that changes the query's logic. For example, entering ' OR '1'='1 into a login form might transform SELECT * FROM users WHERE username='input' into a query that always returns true, bypassing authentication.

Attackers follow a methodical process: first probing input fields with special characters like quotes or semicolons to trigger database errors, then identifying whether the application is vulnerable. Once confirmed, they escalate by injecting commands to extract data (UNION-based attacks to merge results from other tables), manipulate records, or probe the database structure. Blind SQL injection variants work without visible error messages—boolean-based attacks infer data by observing application behavior changes, while time-based attacks use database sleep functions to confirm successful injection through response delays.

Advanced scenarios include second-order injection, where malicious input is stored in the database and later executed in a different context, and out-of-band attacks that exfiltrate data through DNS queries or HTTP requests when direct data retrieval isn't possible. Some database systems enable attackers to execute operating system commands through built-in functions like MySQL's LOAD_FILE or SQL Server's xp_cmdshell, escalating from database compromise to full server control.

Impact

  • Complete data breach — extraction of entire database contents including credentials, personal information, and proprietary data
  • Authentication bypass — logging in as any user without knowing passwords
  • Data manipulation — unauthorized modification or deletion of critical records
  • Privilege escalation — granting administrative rights to attacker-controlled accounts
  • Remote code execution — leveraging database features to run operating system commands and compromise the underlying server
  • Lateral movement — using compromised database credentials to access other connected systems

Real-World Examples

FreePBX's CVE-2025-66039 demonstrated a complete attack chain where SQL injection across 11 parameters in four different endpoints allowed attackers to write malicious entries into the cron_jobs table. When the system's scheduler executed these entries, the injected SQL transformed into operating system commands, granting full server control. The vulnerability required no authentication, making it immediately exploitable.

E-commerce platforms have suffered massive breaches through shopping cart SQL injection, where attackers inserted skimming code into stored procedures that executed during checkout, harvesting credit card data from thousands of transactions. Healthcare systems have been compromised through patient portal vulnerabilities, exposing millions of medical records when attackers injected UNION queries to merge data from supposedly isolated tables.

Mitigation

  • Parameterized queries (prepared statements) — separates SQL logic from data, making injection syntactically impossible
  • Object-Relational Mapping (ORM) frameworks — abstracts database interactions with built-in protections when used correctly
  • Strict input validation — whitelist acceptable characters and formats, reject suspicious patterns
  • Least privilege database accounts — applications should use credentials with minimal necessary permissions
  • Web Application Firewall (WAF) — detects and blocks common injection patterns as a secondary defense layer
  • Database activity monitoring — alerts on unusual query patterns or privilege escalation attempts

Recent CVEs (15171)

EPSS 0% CVSS 10.0
CRITICAL POC Act Now

AdminPando 1.0.1 by Fikir Odalari has a CVSS 10.0 SQL injection in the login functionality allowing complete authentication bypass and database takeover.

SQLi Authentication Bypass Fikir Odalari Adminpando
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

PEAR PHP framework has a seventh SQL injection with higher EPSS (0.12%), indicating more active scanning for this particular injection vector.

PHP SQLi Pearweb
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

PEAR PHP framework has another SQL injection vulnerability prior to version 1.33.0, the sixth in a series of critical security flaws in the PHP component distribution system.

PHP SQLi Pearweb
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection in PEAR's apidoc queue insertion allows unauthenticated remote attackers to manipulate database queries by controlling filename values, enabling unauthorized data modification. PEAR versions before 1.33.0 are affected, and no patch is currently available for affected deployments.

PHP SQLi Pearweb
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

PEAR PHP framework prior to 1.33.0 has a fifth SQL injection vulnerability, part of a comprehensive security audit that found multiple injection points across the framework.

PHP SQLi Pearweb
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

PEAR PHP framework has a second SQL injection vulnerability in a different code path, providing an alternate database compromise vector.

PHP SQLi Pearweb
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

PEAR PHP framework prior to 1.33.0 has a SQL injection vulnerability allowing attackers to extract data from the component distribution database.

PHP SQLi Pearweb
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack. [CVSS 6.5 MEDIUM]

SQLi Jeewms
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

FUXA v1.2.7 has an unrestricted file upload in the /api/upload endpoint that lacks authentication and file type validation, enabling web shell deployment on SCADA systems.

SQLi Fuxa
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Kede Electronics IoT smart water meter monitoring platform v1.0 has a SQL injection allowing attackers to compromise the industrial monitoring database.

IoT Industrial SQLi +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

YouDataSum CPAS Audit Management System v4.9 has a SQL injection in the archive report endpoint allowing extraction of audit and compliance data.

SQLi Cpas Audit Management System
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC This Week

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. [CVSS 7.1 HIGH]

SQLi Open Eclass Platform
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. [CVSS 6.1 MEDIUM]

PHP SQLi XSS +1
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. [CVSS 8.2 HIGH]

PHP SQLi XSS +1
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information. [CVSS 7.1 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. [CVSS 7.1 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH This Week

Blind SQL injection in KiviCare clinic management system versions 3.6.16 and earlier allows authenticated attackers to execute arbitrary SQL queries over the network with no user interaction required. An attacker with valid credentials can exploit this vulnerability to extract sensitive data from the underlying database, though code execution is not possible. No patch is currently available for this HIGH severity vulnerability affecting the Iqonic Design product.

SQLi
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

SQL injection in Django's QuerySet.order_by() method allows authenticated attackers to execute arbitrary SQL commands through specially crafted column aliases containing periods when used with FilteredRelation and dictionary expansion. This vulnerability affects Django versions 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28, with potentially older unsupported versions also impacted. Patches are available for all affected versions.

Django SQLi Python
NVD HeroDevs VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

SQL injection via FilteredRelation column aliases in Django 4.2, 5.2, and 6.0 allows authenticated attackers to execute arbitrary SQL queries through crafted dictionary arguments in QuerySet methods like annotate() and aggregate(). An attacker with database access can exploit control characters in alias names to bypass input validation and potentially extract sensitive data or modify database contents. Patches are available for all affected versions, and unsupported Django releases may also be vulnerable.

Django SQLi Python
NVD HeroDevs VulDB
EPSS 5% CVSS 5.4
MEDIUM POC PATCH This Month

SQL injection in Django's PostGIS RasterField lookups allows authenticated attackers to execute arbitrary SQL commands through the band index parameter in affected versions 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Unsupported Django series including 5.0.x, 4.1.x, and 3.2.x may also be vulnerable. A patch is available and authentication is required to exploit this vulnerability.

Django SQLi Python
NVD HeroDevs VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Emit Informatics product has a SQL injection vulnerability allowing unauthenticated database compromise through unsanitized input parameters.

SQLi
NVD VulDB
EPSS 0%
This Week

SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user input in the endpoint '/sta/CarpetaPublic/doEvent?APP_CODE=STA&PAGE_CODE=TABLON'.

SQLi
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection.This issue affects SKSPro: through 07012026. [CVSS 8.6 HIGH]

SQLi Skspro
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in JeecgBoot 3.9.0's Online Report API endpoint allows authenticated remote attackers to manipulate the keyword parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. An attacker with valid credentials can leverage this flaw to read, modify, or delete sensitive database information.

SQLi Jeecg Boot
NVD VulDB
EPSS 0% CVSS 8.1
HIGH POC This Week

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application. [CVSS 8.1 HIGH]

PHP SQLi Simple Cms Php
NVD
EPSS 0% CVSS 8.1
HIGH POC This Week

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. [CVSS 8.1 HIGH]

SQLi Php Melody
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system. [CVSS 8.1 HIGH]

SQLi
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthenticated SQL injection in the SupportCandy WordPress plugin versions up to 3.4.4 allows subscribers and above to extract sensitive database information through inadequately sanitized custom field filters. An authenticated attacker can manipulate the equals operator parameter to inject malicious SQL queries and bypass existing protections, exposing confidential data stored in the WordPress database.

WordPress SQLi
NVD
EPSS 0% CVSS 8.2
HIGH POC This Week

Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information. [CVSS 8.2 HIGH]

SQLi Online Exam System
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. [CVSS 7.1 HIGH]

SQLi Navigate Cms
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. [CVSS 8.2 HIGH]

PHP SQLi Online Exam System
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. [CVSS 8.2 HIGH]

PHP SQLi
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database. [CVSS 8.6 HIGH]

PostgreSQL SQLi pandas
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /enrollment/index.php enables unauthenticated remote attackers to manipulate database queries and extract or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network against affected installations.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Authenticated SQL injection in ChurchCRM's PaddleNumEditor.php endpoint prior to version 6.7.2 allows any logged-in user to execute arbitrary database queries regardless of their assigned permissions. Public exploit code exists for this vulnerability, enabling attackers with valid credentials to read, modify, or delete sensitive church data. Update to version 6.7.2 or later to remediate.

PHP SQLi Churchcrm
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode Directory Management System 1.0 allows unauthenticated remote attackers to manipulate the Username parameter in /admin/index.php and execute arbitrary SQL commands. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can compromise data confidentiality, integrity, and availability.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment is affected by sql injection (CVSS 8.6).

SQLi
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode Society Management System 1.0 allows unauthenticated remote attackers to manipulate the student_id parameter in /admin/edit_student_query.php, enabling unauthorized database queries and potential data exfiltration or modification. Public exploit code exists for this vulnerability, and no patch is currently available, increasing the risk of active exploitation.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode Society Management System 1.0's expense administration interface allows unauthenticated remote attackers to manipulate the detail parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems expose confidentiality, integrity, and availability of underlying data.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /ramonsys/faculty/index.php enables unauthenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode School Management System 1.0 via the txtsearch parameter in /ramonsys/inquiry/index.php enables unauthenticated remote attackers to execute arbitrary SQL queries with limited impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. [CVSS 7.5 HIGH]

SQLi Content Management System
NVD VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. [CVSS 7.1 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass
NVD GitHub Exploit-DB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in SEMCMS 5.0 via the searchml parameter in /SEMCMS_Info.php allows authenticated attackers to execute arbitrary SQL queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

School Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).

PHP SQLi
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Tanium addressed a SQL injection vulnerability in Asset. [CVSS 6.3 MEDIUM]

SQLi Asset
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in jshERP up to version 3.6 allows authenticated remote attackers to manipulate the barCodes parameter in the DepotItem import function, potentially enabling unauthorized data access or modification. Public exploit code exists for this vulnerability, and no patch is currently available. The vendor has not responded to early notification of this issue.

SQLi Jsherp
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

School Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in Online Music Site 1.0's AdminReply.php allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary SQL queries, potentially compromising database confidentiality and integrity. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in Online Music Site 1.0's AdminEditUser.php allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling potential data theft, modification, or service disruption. No patch is currently available, leaving affected installations vulnerable.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in Online Music Site 1.0's AdminAddCategory.php allows remote attackers with high privileges to execute arbitrary SQL queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. [CVSS 8.6 HIGH]

SQLi Blue
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Explorance Blue versions before 8.14.9 have a CVSS 10.0 SQL injection vulnerability enabling unauthenticated attackers to fully compromise the survey and assessment database.

SQLi Blue
NVD GitHub
EPSS 0% CVSS 8.2
HIGH POC This Week

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. [CVSS 8.2 HIGH]

SQLi Smartblog
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

SQL injection in EGroupware's Nextmatch filter allows authenticated attackers to execute arbitrary database commands by exploiting PHP type juggling that bypasses integer validation checks. Public exploit code exists for this vulnerability affecting EGroupware versions prior to 23.1.20260113 and 26.0.20260113, and no patch is currently available. Attackers with valid credentials can manipulate WHERE clauses to extract sensitive data, modify records, or compromise database integrity.

PHP SQLi Egroupware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated attackers can exploit time-based SQL injection in the VidShop plugin for WordPress (versions up to 1.1.4) through the unescaped 'fields' parameter to extract sensitive database information. The vulnerability stems from insufficient input validation and improper query preparation, allowing attackers to inject malicious SQL commands without authentication. No patch is currently available for this high-severity flaw affecting WooCommerce installations.

WordPress SQLi
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated remote attackers to extract sensitive database information through covert channels, bypassing normal application output mechanisms. This vulnerability affects the '/evaluacion_objetivos_ver_auto.aspx' endpoint and compromises data confidentiality with no patch currently available.

SQLi Evaluacion De Desempeno
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated attackers can exploit an out-of-band SQL injection flaw in the Evaluacion De Desempeno application's 'Id_evaluacion' parameter to extract sensitive database information through indirect data exfiltration channels. This network-accessible vulnerability requires no user interaction and affects all instances without authentication controls, potentially exposing confidential evaluation records. No patch is currently available.

SQLi Evaluacion De Desempeno
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-band SQL injection in the Performance Evaluation (Evaluacion De Desempeno) application allows unauthenticated remote attackers to extract sensitive database information through the 'Id_usuario' parameter in '/evaluacion_objetivos_anyo_sig_ver_auto.aspx' by exfiltrating data via external channels. The vulnerability compromises data confidentiality without requiring user interaction, affecting all deployments of the affected application. No patch is currently available.

SQLi Evaluacion De Desempeno
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated remote attackers to extract sensitive database information through external data exfiltration channels. This vulnerability affects the '/evaluacion_objetivos_anyo_sig_evalua.aspx' endpoint and compromises confidentiality without requiring user interaction. No patch is currently available.

SQLi Evaluacion De Desempeno
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-band SQL injection in Evaluacion De Desempeno's '/evaluacion_hca_ver_auto.asp' endpoint allows unauthenticated remote attackers to extract sensitive database information through the 'Id_usuario' and 'Id_evaluacion' parameters. The vulnerability compromises confidentiality by enabling data exfiltration via covert channels without requiring direct application responses. No patch is currently available for affected deployments.

SQLi Evaluacion De Desempeno
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated attackers can exploit an out-of-band SQL injection flaw in the Performance Evaluation (EDD) application via the 'Id_usuario' and 'Id_evaluacion' parameters to extract sensitive database information through external channels, compromising data confidentiality. The vulnerability requires no user interaction and is remotely exploitable from the network. No patch is currently available.

SQLi Evaluacion De Desempeno
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-band SQL injection in the Evaluacion De Desempeno application allows unauthenticated remote attackers to extract sensitive database information through the 'Id_usuario' and 'Id_evaluacion' parameters in the '/evaluacion_competencias_evalua_old.aspx' endpoint. An attacker can bypass normal application output channels to exfiltrate confidential data, compromising database confidentiality. No patch is currently available for this vulnerability.

SQLi Evaluacion De Desempeno
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated remote attackers to extract sensitive database information through indirect data exfiltration channels. This vulnerability in the '/evaluacion_acciones_ver_auto.aspx' endpoint compromises the confidentiality of stored data without requiring user interaction. No patch is currently available for this HIGH severity vulnerability.

SQLi Evaluacion De Desempeno
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated attackers can extract sensitive database information from the Evaluacion De Desempeno application through an out-of-band SQL injection vulnerability in the 'Id_usuario' parameter of '/evaluacion_acciones_evalua.aspx'. The vulnerability allows data exfiltration via external channels without direct application responses, compromising database confidentiality. No patch is currently available for this high-severity flaw.

SQLi Evaluacion De Desempeno
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-band SQL injection in the Performance Evaluation (EDD) application allows unauthenticated remote attackers to extract sensitive database information through the 'Id_usuario' and 'Id_evaluacion' parameters in '/evaluacion_inicio.aspx'. An attacker can exfiltrate confidential data via external channels without direct application feedback, compromising data confidentiality. No patch is currently available for this vulnerability.

SQLi Evaluacion De Desempeno
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-band SQL injection in the Evaluacion De Desempeno application's 'Id_usuario' parameter allows unauthenticated remote attackers to exfiltrate sensitive database information through covert channels. The vulnerability affects the '/evaluacion_competencias_evalua.aspx' endpoint and enables unauthorized access to confidential data despite the application not directly returning query results. No patch is currently available for this HIGH severity vulnerability.

SQLi Evaluacion De Desempeno
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-band SQL injection in the Evaluacion De Desempeno application allows unauthenticated remote attackers to extract sensitive database information through the 'txAny' parameter in '/evaluacion_competencias_autoeval_list.aspx' without direct output reflection. By leveraging external data channels, an attacker can bypass normal application responses to exfiltrate confidential data and compromise database confidentiality. No patch is currently available for this vulnerability.

SQLi Evaluacion De Desempeno
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Mobile Shop Management System has code injection in ExAddNewUser.php.

PHP SQLi Mobile Shop Management System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Mobile Shop Management System has SQL injection in ExLogin.php.

PHP SQLi Mobile Shop Management System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Mobile Shop Management System has SQL injection in insertmessage.php.

PHP SQLi Mobile Shop Management System
NVD GitHub
EPSS 0% CVSS 8.2
HIGH POC This Week

Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. [CVSS 8.2 HIGH]

SQLi
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. [CVSS 7.1 HIGH]

SQLi Librenms
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM This Month

SQL injection in Hisense TransTech Smart Bus Management System through version 20260113 allows unauthenticated remote attackers to manipulate the key parameter in the TireMng.aspx Page_Load function and execute arbitrary database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or responded to disclosure attempts. An attacker can exploit this over the network without authentication to read, modify, or delete sensitive data.

SQLi
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH This Week

SQL Injection vulnerability in the Structure for Admin authenticated user [CVSS 7.2 HIGH]

SQLi Expressionengine
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in Online Music Site 1.0's AdminDeleteUser.php allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker can leverage this to compromise data confidentiality, integrity, and availability.

PHP SQLi
NVD GitHub VulDB
EPSS 0%
Monitor

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption.

Linux Windows SSH +1
NVD
EPSS 0%
Monitor

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots.

SQLi
NVD
EPSS 0%
Monitor

The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication.

SQLi Denial Of Service Path Traversal
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in the login page of code-projects Online Examination System 1.0 allows unauthenticated remote attackers to manipulate the User parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and affects confidentiality, integrity, and availability of the affected system.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks. [CVSS 6.8 MEDIUM]

WordPress SQLi PHP
NVD WPScan
EPSS 0% CVSS 4.9
MEDIUM This Month

SQL injection in the WP-ClanWars WordPress plugin through version 2.0.1 allows authenticated administrators to execute arbitrary SQL queries via an unescaped 'orderby' parameter, enabling extraction of sensitive database information. The vulnerability requires high-level administrative privileges and does not allow data modification or system availability impacts. No patch is currently available for this issue.

WordPress SQLi
NVD
EPSS 0% CVSS 9.4
CRITICAL Act Now

Aptsys gemscms POS Platform has a SQL injection in the GetServiceByRestaurantID endpoint allowing extraction of restaurant and payment data.

SQLi Gemscms Backend
NVD GitHub
Prev Page 25 of 169 Next

Quick Facts

Typical Severity
HIGH
Category
web
Total CVEs
15171

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy