タイプ別 CVE リスト:SQL Injection

SQL Injection に分類される脆弱性に紐づく CVE を一覧表示します。新しい公開が先頭に来る並びで、CVSS / EPSS に基づく絞り込みにも対応しています。

直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。

公開年を問わず、SQL Injection に分類される CVE を表示しています。 CVE の一覧へ

CVSS スコア
表示中 81100 / 19658
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-13486 A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument course_year_section can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. 5.5 0.41% 2026-06-28 2026-06-29
CVE-2026-13485 A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument course_year_section results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. 5.5 0.41% 2026-06-28 2026-06-29
CVE-2026-13333 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'query[select]' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Representative-level access and above, to append additional SQL queries into already existing queries that can be used to 6.5 0.34% 2026-06-26 2026-06-29
CVE-2026-13331 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with marketer-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensit 6.5 0.28% 2026-06-26 2026-06-29
CVE-2026-54350 Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write query, modifies every document of that collection with one HTTP request. enrichContext at packages/server/src/sdk/workspace/queries/queries.ts:121-138 substitutes parameter values into the raw JSON body of 10.0 0.54% 2026-06-26 2026-06-30
CVE-2026-52785 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality. OpenProject baseline comparison allows callers to request historic work-package attributes using the timestamps parameter. This vulnerability is fixed in 17.3.3 and 17.4.1. 9.9 0.22% 2026-06-26 2026-06-29
CVE-2026-57667 Sales Representative SQL Injection in Groundhogg <= 4.5 versions. 8.5 0.21% 2026-06-26 2026-06-29
CVE-2026-57663 Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. 8.5 0.21% 2026-06-26 2026-06-26
CVE-2026-57662 Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. 8.5 0.21% 2026-06-26 2026-06-26
CVE-2026-57653 Contributor SQL Injection in WP Job Portal <= 2.5.2 versions. 8.5 0.21% 2026-06-26 2026-06-26
CVE-2026-57644 Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. 8.5 0.21% 2026-06-26 2026-06-26
CVE-2026-57643 Contributor SQL Injection in WP Post Author <= 3.9.1 versions. 8.5 0.21% 2026-06-26 2026-06-26
CVE-2026-57642 Contributor SQL Injection in Gallery <= 4.7.8 versions. 8.5 0.21% 2026-06-26 2026-06-29
CVE-2026-57636 Contributor SQL Injection in wpForo Forum <= 3.0.9 versions. 8.5 0.21% 2026-06-26 2026-06-26
CVE-2026-57631 Administrator SQL Injection in Popup box <= 6.0.1 versions. 7.6 0.28% 2026-06-26 2026-06-26
CVE-2026-57628 Administrator SQL Injection in WP All Import <= 4.0.1 versions. 7.6 0.28% 2026-06-26 2026-06-26
CVE-2026-56070 Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions. 9.3 0.24% 2026-06-26 2026-06-26
CVE-2026-56068 Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions. 9.3 0.24% 2026-06-26 2026-06-29
CVE-2026-56067 Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions. 9.3 0.24% 2026-06-26 2026-06-26
CVE-2026-56064 Subscriber SQL Injection in Tourfic <= 2.22.5 versions. 8.5 0.28% 2026-06-26 2026-06-26
cvelogic Threat Intelligence