CVE-2025-22217

HIGH Year: 2025
CVSS v3 Score
8.6
High
Weakness Type
CWE-89
View all →

Vulnerability Description

Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain database access.

Related Vulnerabilities

CVE-2016-0249

HIGH
CVSS:8.6(High)

SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitr...

CWE-892016

CVE-2020-15176

HIGH
CVSS:8.6(High)

In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or sanitize allowing for SQL Injection to occur. Leveraging this vulner...

CWE-892020

CVE-2022-41272

HIGH
CVSS:8.6(High)

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use...

CWE-892022

CVE-2022-47151

HIGH
CVSS:8.6(High)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best...

CWE-892022

CVE-2024-13726

HIGH
CVSS:8.6(High)

The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL in...

CWE-892024

CVE-2024-22917

HIGH
CVSS:8.6(High)

SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.

CWE-892024