Vulnerabilities (CVE)

Filtered by CWE-89
Total: 19601 CVEs
Columns: CVE | Vendors (count, name) | Products (count, name) | Updated | CVSS v2 | CVSS v3
CVE-2025-50984 1 Diskoverdata 1 Diskover 2026-06-17 N/A 5.3 MEDIUM
diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ES_PASS, ES_MAXSIZE, ES_TRANSLOGSIZE, ES_TIMEOUT, ES_USER, ES_HOST, ES_PORT, ES_SCROLLSIZE, ES_CHUNKSIZE and others can be crafted to inject arbitrary SQLite expressions wrapped in JSON functions. By exploiting these injection points, an attacker can infer or extract sensitive information from the underlying database without authentication. This issue stems from improper input validation and parameterization in the application's JSON-based query construction.
CVE-2025-50983 1 Readarr 1 Readarr 2026-06-17 N/A 8.3 HIGH
A SQL injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlmap confirmed exploitation via stacked queries, demonstrating that the parameter can be abused to run arbitrary SQL statements. A heavy query was executed using SQLite's RANDOMBLOB() and HEX() functions to simulate a time-based payload, indicating deep control over database interactions.
CVE-2025-50979 1 Nodebb 1 Nodebb 2026-06-17 N/A 8.6 HIGH
NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads.
CVE-2025-50972 1 Abantecart 1 Abantecart 2026-06-17 N/A 9.8 CRITICAL
A SQL injection vulnerability in AbanteCart 1.4.2 allows unauthenticated attackers to execute arbitrary SQL commands via the tmpl_id parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP(), and UNION-based injection to extract arbitrary data.
CVE-2025-50928 1 Ehcp 1 Easy Hosting Control Panel 2026-06-17 N/A 4.8 MEDIUM
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function.
CVE-2025-50926 1 Ehcp 1 Easy Hosting Control Panel 2026-06-17 N/A 6.5 MEDIUM
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function.
CVE-2025-50868 2026-06-17 N/A 6.5 MEDIUM
A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. The Q4 POST parameter is not properly sanitized before being used in SQL queries.
CVE-2025-50867 1 Vishalmathur 1 Cloudclassroom 2026-06-17 N/A 6.5 MEDIUM
A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization.
CVE-2025-50860 1 Ehcp 1 Easy Hosting Control Panel 2026-06-17 N/A 5.4 MEDIUM
SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter.
CVE-2025-50565 1 Doubo Erp Project 1 Doubo Erp 2026-06-17 N/A 6.5 MEDIUM
Doubo ERP 1.0 has a SQL injection vulnerability due to a lack of filtering of user input, which an attacker can exploit remotely.
CVE-2025-50468 1 Open-metadata 1 Openmetadata 2026-06-17 N/A 6.5 MEDIUM
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameter can be used to build a SQL query.
CVE-2025-50467 1 Open-metadata 1 Openmetadata 2026-06-17 N/A 6.5 MEDIUM
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query.
CVE-2025-50466 1 Open-metadata 1 Openmetadata 2026-06-17 N/A 7.1 HIGH
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query.
CVE-2025-50465 1 Open-metadata 1 Openmetadata 2026-06-17 N/A 7.1 HIGH
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query.
CVE-2025-50240 2026-06-17 N/A 9.8 CRITICAL
nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin.
CVE-2025-50229 1 Jizhicms 1 Jizhicms 2026-06-17 N/A 9.8 CRITICAL
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.
CVE-2025-50192 1 Chamilo 1 Chamilo Lms 2026-06-17 N/A 9.8 CRITICAL
Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL injection found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30.
CVE-2025-50191 1 Chamilo 1 Chamilo Lms 2026-06-17 N/A 7.2 HIGH
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30.
CVE-2025-50190 1 Chamilo 1 Chamilo Lms 2026-06-17 N/A 9.8 CRITICAL
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30.
CVE-2025-50189 1 Chamilo 1 Chamilo Lms 2026-06-17 N/A 8.8 HIGH
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of user-supplied data from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/copy_course_session_selected.php, which allows an attacker to modify the database query logic by injecting arbitrary SQL statements. This issue has been patched in version 1.11.30.