
type:sqli — 20737 CVE vulnerabilities tagged

20737 CVE security advisories tagged "type:sqli", with AI-generated Chinese analysis, CVSS scores, references and POCs.

The tag "type:sqli" identifies vulnerabilities classified as SQL Injection, a critical web security flaw where attackers interfere with the queries an application makes to its database. This occurs when untrusted data is concatenated into SQL commands without proper sanitization or parameterization, allowing malicious users to execute arbitrary database operations. Such injections can lead to severe consequences, including unauthorized data access, modification, or deletion, and potentially full system compromise. Typical scenarios involve vulnerable login forms, search fields, or URL parameters where user input is directly embedded into backend queries. With over 20,000 associated CVEs, this persistent threat underscores the necessity of implementing robust input validation, prepared statements, and strict database access controls to mitigate risks and protect sensitive information from exploitation.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-42383 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability | YITH WooCommerce Product Add-Ons | CWE-89 | 7.6 | High | 2026-05-20 |
| CVE-2026-9065 | Surecart - SQL Injection | Surecart | CWE-89 | - | - | 2026-05-20 |
| CVE-2026-9059 | NextGEN Gallery - SQL Injection | NextGEN Gallery | CWE-89 | - | - | 2026-05-20 |
| CVE-2026-9003 | TONNET\|E-LAN Hybrid Recording System - SQL Injection | TPR7308 | CWE-89 | 7.5 | High | 2026-05-20 |
| CVE-2026-9010 | Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters | Boost | CWE-89 | 7.5 | High | 2026-05-20 |
| CVE-2026-7472 | Read More & Accordion <= 3.5.7 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter | Read More & Accordion | CWE-89 | 4.9 | Medium | 2026-05-20 |
| CVE-2026-3985 | Creative Mail – Easier WordPress & WooCommerce Email Marketing <= 1.6.9 - Unauthenticated SQL Injection via 'checkout_uuid' Parameter | Creative Mail – Easier WordPress & WooCommerce Email Marketing | CWE-89 | 7.5 | High | 2026-05-20 |
| CVE-2026-8685 | Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter | Infility Global | CWE-89 | 6.5 | Medium | 2026-05-20 |
| CVE-2026-44923 | InfoScale VIOM <v9.1.3 SQL injection leading to privilege escalation | n/a | - | - | - | 2026-05-20 |
| CVE-2026-8912 | Contest Gallery <= 28.1.6 - Unauthenticated SQL Injection | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | CWE-89 | 7.5 | High | 2026-05-19 |
| CVE-2026-8827 | SQL Injection in extension "Address List" (tt_address) | Extension "Address List" | CWE-89 | - | - | 2026-05-19 |
| CVE-2026-31069 | BillaBear event repository SQL injection vulnerability | n/a | - | - | - | 2026-05-19 |
| CVE-2026-8851 | SOGo < 5.12.8 SQL Injection via addUserInAcls endpoint | SOGo Webmail | CWE-89 | 8.1 | High | 2026-05-18 |
| CVE-2026-6379 | WP Photo Album Plus < 9.1.11.001 - Unauthenticated SQL Injection via 'wppa-supersearch' Parameter | WP Photo Album Plus | - | - | - | 2026-05-18 |
| CVE-2026-8785 | projectworlds hospital-management-system-in-php GET Parameter update_info.php getAllPatientDetail sql injection | hospital-management-system-in-php | CWE-89 | 7.3 | High | 2026-05-18 |
| CVE-2026-8772 | linlinjava litemall Admin Endpoint sql injection | litemall | CWE-89 | 4.7 | Medium | 2026-05-17 |
| CVE-2026-8771 | linlinjava litemall Front-end WeChat API WxGoodsController.java list sql injection | litemall | CWE-89 | 7.3 | High | 2026-05-17 |
| CVE-2018-25339 | Zechat 1.5 SQL Injection via v parameter (time-based blind) | Zechat | CWE-89 | 8.2 | High | 2026-05-17 |
| CVE-2018-25338 | Zechat 1.5 SQL Injection via hashtag parameter | Zechat | CWE-89 | 8.2 | High | 2026-05-17 |
| CVE-2018-25333 | Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection | N149 Wind Turbine Web Server | CWE-89 | 8.2 | High | 2026-05-17 |
| CVE-2018-25330 | Joomla! EkRishta 2.10 Persistent XSS and SQL Injection | Joomla! extension EkRishta | CWE-89 | 8.2 | High | 2026-05-17 |
| CVE-2018-25319 | Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php | Redaxo CMS Addon MyEvents | CWE-89 | 7.1 | High | 2026-05-17 |
| CVE-2026-8734 | Oinone Pamirs queryListByWrapper RSQLToSQLNodeConnector.makeVariable sql injection | Pamirs | CWE-89 | 7.3 | High | 2026-05-17 |
| CVE-2026-8724 | Dataease Data Dashboard SqlparserUtils.java SqlparserUtils.transFilter sql injection | Dataease | CWE-89 | 4.7 | Medium | 2026-05-17 |
| CVE-2021-47980 | Fuel CMS 1.4.13 Blind SQL Injection via col Parameter | Fuel CMS | CWE-89 | 7.1 | High | 2026-05-16 |
| CVE-2021-47956 | EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname | EgavilanMedia PHPCRUD | CWE-89 | 8.2 | High | 2026-05-16 |
| CVE-2021-47954 | LayerBB 1.1.4 SQL Injection via search_query Parameter | LayerBB | CWE-89 | 8.2 | High | 2026-05-16 |
| CVE-2020-37243 | WordPress Plugin Supsystic Pricing Table 1.8.7 SQL Injection XSS | Pricing Table | CWE-89 | 8.2 | High | 2026-05-16 |
| CVE-2020-37244 | WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx | Membership | CWE-89 | 8.2 | High | 2026-05-16 |
| CVE-2020-37242 | WordPress Plugin Supsystic Ultimate Maps 1.1.12 SQL Injection via sidx | Ultimate Maps | CWE-89 | 8.2 | High | 2026-05-16 |

Vulnerabilities classified as type:sqli account for 20737 CVEs. The CWE entry (CWE-89 for most rows above) describes the weakness class; review the individual CVEs for product-specific impact, affected versions and fixes.