All CosmicBytez Labs articles tagged #CWE-89, across news, security advisories, how-to guides, and projects.
A CVSS 7.3 SQL injection vulnerability in SourceCodester's Computer Repair Shop Management System v1.0 allows remote attackers to extract sensitive data via the ID parameter in the admin product management endpoint.
A SQL injection vulnerability in SourceCodester Hospitals Patient Records Management System 1.0 allows remote attackers to extract database contents by manipulating the ID parameter in the user delete endpoint.
A SQL injection vulnerability in SourceCodester Hospitals Patient Records Management System 1.0 enables remote attackers to extract database contents by manipulating the ID parameter in the user save endpoint.
A SQL injection vulnerability in OpenCATS through 0.9.7.4 allows authenticated attackers to extract database contents by injecting malicious SQL via the sortDirection parameter in the DataGrid component.
A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Online Music Site 1.0, affecting the Administrator PHP AdminEditAlbum endpoint. A public exploit is available and no patch exists.
A critical blind SQL injection vulnerability in the WP Directory Kit WordPress plugin allows unauthenticated attackers to exfiltrate the entire WordPress...
A high-severity SQL injection vulnerability (CVE-2026-8785, CVSS 7.3) has been disclosed in projectworlds Hospital Management System in PHP 1.0, allowing...
A CVSS 9.8 blind SQL injection vulnerability in Akilli Commerce's e-commerce platform allows unauthenticated attackers to extract the entire database...
The Custom css-js-php WordPress plugin through version 2.0.7 fails to sanitize user input before using it in a SQL query, and passes the result to dynamic...
A high-severity SQL injection vulnerability has been discovered in SourceCodester Pizzafy Ecommerce System 1.0, allowing remote attackers to manipulate...
A remotely exploitable SQL injection vulnerability has been disclosed in itsourcecode Courier Management System 1.0, affecting the edit_parcel.php file...
A critical SQL injection vulnerability in Saltcorn's mobile-sync routes allows any authenticated low-privilege user with read access to a single table to...
A medium-severity SQL injection vulnerability has been disclosed in ProjectsAndPrograms School Management System, allowing remote attackers to manipulate...
A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Simple IT Discussion Forum 1.0, affecting the /delete-category.php...
An unauthenticated SQL injection vulnerability in ResourceSpace 8.6 allows attackers to execute arbitrary database queries via the 'ref' parameter in...
A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Concert Ticket Reservation System 1.0, affecting the...
An unauthenticated SQL injection vulnerability has been disclosed in code-projects Concert Ticket Reservation System 1.0, affecting the login.php file via...
A remotely exploitable SQL injection vulnerability has been disclosed in SourceCodester/jkev Record Management System 1.0, affecting the Login page's...
A remotely exploitable SQL injection vulnerability has been disclosed in itsourcecode Free Hotel Reservation System 1.0, affecting the login page's email...
A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Simple Food Order System 1.0, affecting the /all-tickets.php file...
A remotely exploitable SQL injection vulnerability exists in code-projects Simple Food Order System 1.0, where the Name parameter in register-router.php...
A SQL injection vulnerability has been disclosed in code-projects Simple Food Order System 1.0, where the Status parameter in all-orders.php enables...
A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Accounting System 1.0, where the cos_id parameter in...
A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Accounting System 1.0, allowing unauthenticated attackers to...
A critical unauthenticated Boolean-based SQL injection vulnerability (CVSS 9.8) has been disclosed in HCL Unica versions 25.1.1 and below, allowing remote...
A remotely exploitable SQL injection vulnerability has been disclosed in itsourcecode Free Hotel Reservation System 1.0, affecting the amenities admin...
A high-severity SQL injection vulnerability has been disclosed in itsourcecode University Management System 1.0, allowing remote attackers to execute...
A remotely exploitable SQL injection vulnerability has been disclosed in SourceCodester Simple Responsive Tourism Website 1.0, allowing attackers to...