CWE-89 CVEs and Security Vulnerabilities

Filtered by CWE-89

Search

Switch to Advanced Search (Beta)

Total 18512 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2019-25494	1 Doditsolutions	2 Airbnb Clone Script, Homey Bnb (airbnb Clone Script)	2026-04-07	8.2 High
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel.
CVE-2019-25493	1 Doditsolutions	2 Airbnb Clone Script, Homey Bnb (airbnb Clone Script)	2026-04-07	8.2 High
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive database information.
CVE-2019-25492	1 Doditsolutions	2 Airbnb Clone Script, Homey Bnb (airbnb Clone Script)	2026-04-07	8.2 High
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database information.
CVE-2019-25491	1 Doditsolutions	2 Airbnb Clone Script, Homey Bnb (airbnb Clone Script)	2026-04-07	8.2 High
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cms_getpagetitle.php endpoint with malicious catid values to extract sensitive database information.
CVE-2019-25490	1 Doditsolutions	2 Airbnb Clone Script, Homey Bnb (airbnb Clone Script)	2026-04-07	8.2 High
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive database information.
CVE-2019-25489	1 Doditsolutions	2 Airbnb Clone Script, Homey Bnb (airbnb Clone Script)	2026-04-07	8.2 High
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET requests to the rooms/ajax_refresh_subtotal endpoint with malicious hosting_id values to extract sensitive database information or cause denial of service.
CVE-2019-25486	1 Varient	1 Varient Sql Inj.	2026-04-07	8.2 High
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. Attackers can submit POST requests with crafted SQL payloads in the user_id field to bypass authentication and extract sensitive database information.
CVE-2019-25462	1 Web-ofisi	1 Rent A Car	2026-04-07	8.2 High
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests to with malicious 'klima' values to extract sensitive database information or cause denial of service.
CVE-2019-25461	1 Web-ofisi	2 Platinum E-ticaret, Ticaret	2026-04-07	7.5 High
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information.
CVE-2019-25460	1 Web-ofisi	2 Platinum E-ticaret, Ticaret	2026-04-07	7.5 High
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injection techniques to extract sensitive database information.
CVE-2019-25459	1 Web-ofisi	1 Emlak	2026-04-07	9.8 Critical
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.
CVE-2019-25458	1 Web-ofisi	1 Firma Rehberi	2026-04-07	9.8 Critical
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks.
CVE-2019-25457	1 Web-ofisi	1 Firma	2026-04-07	7.5 High
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information.
CVE-2019-25456	1 Web-ofisi	1 Emlak	2026-04-07	9.1 Critical
Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cause denial of service.
CVE-2019-25455	1 Web-ofisi	2 E-ticaret, Ticaret	2026-04-07	7.5 High
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information.
CVE-2019-25452	1 Dolibarr	2 Dolibarr Erp/crm, Dolibarr Erp\/crm	2026-04-07	7.5 High
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques.
CVE-2019-25450	1 Dolibarr	2 Dolibarr Erp/crm, Dolibarr Erp\/crm	2026-04-07	7.5 High
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in card.php endpoints to extract sensitive database information using boolean-based blind, error-based, and time-based blind techniques.
CVE-2019-25446	1 Digit-rs	1 Digit Centris	2026-04-07	8.2 High
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these parameters to extract or modify sensitive database information.
CVE-2019-25444	1 Phpscriptsmall	1 Fiverr Clone Script	2026-04-07	9.1 Critical
Fiverr Clone Script 1.2.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can supply malicious SQL syntax in the page parameter to extract sensitive database information or modify database contents.
CVE-2019-25443	1 Edlangley	1 Inventory-webapp	2026-04-07	8.2 High
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or cat_id parameters to add-item.php to execute arbitrary database commands.

« first previous Page 4 of 926. next last »