| Detecting NoSQL injection | APPRENTICE | NoSQL Injection | Open |
| Exploiting NoSQL operator injection to bypass authentication | APPRENTICE | NoSQL Injection | Open |
| SQL injection vulnerability allowing login bypass | APPRENTICE | SQL Injection | Open |
| SQL injection vulnerability in WHERE clause allowing retrieval of hidden data | APPRENTICE | SQL Injection | Open |
| Blind SQL injection with conditional errors | PRACTITIONER | SQL Injection | Open |
| Blind SQL injection with conditional responses | PRACTITIONER | SQL Injection | Open |
| Blind SQL injection with out-of-band data exfiltration | PRACTITIONER | SQL Injection | Open |
| Blind SQL injection with out-of-band interaction | PRACTITIONER | SQL Injection | Open |
| Blind SQL injection with time delays | PRACTITIONER | SQL Injection | Open |
| Blind SQL injection with time delays and information retrieval | PRACTITIONER | SQL Injection | Open |
| Exploiting NoSQL injection to extract data | PRACTITIONER | NoSQL Injection | Open |
| Exploiting NoSQL operator injection to extract unknown fields | PRACTITIONER | NoSQL Injection | Open |
| SQL injection attack, listing the database contents on non-Oracle databases | PRACTITIONER | SQL Injection | Open |
| SQL injection attack, listing the database contents on Oracle | PRACTITIONER | SQL Injection | Open |
| SQL injection attack, querying the database type and version on MySQL and Microsoft | PRACTITIONER | SQL Injection | Open |
| SQL injection attack, querying the database type and version on Oracle | PRACTITIONER | SQL Injection | Open |
| SQL injection UNION attack, determining the number of columns returned by the query | PRACTITIONER | SQL Injection | Open |
| SQL injection UNION attack, finding a column containing text | PRACTITIONER | SQL Injection | Open |
| SQL injection UNION attack, retrieving data from other tables | PRACTITIONER | SQL Injection | Open |
| SQL injection UNION attack, retrieving multiple values in a single column | PRACTITIONER | SQL Injection | Open |
| SQL injection with filter bypass via XML encoding | PRACTITIONER | SQL Injection | Open |
| Visible error-based SQL injection | PRACTITIONER | SQL Injection | Open |