CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,652 vulnerabilities with CWE-89
CVE-2024-58301 CRITICAL
Purei CMS 1.0 - SQL Injection via getAllParks.php and events-ajax.php Endpoints
CVE-2024-58290 CRITICAL
Xhibiter NFT Marketplace 1.10.2 - SQL Injection
CVE-2024-58276 HIGH
Obi08 Enrollment System 1.0 - SQL Injection
CVE-2024-44664 MEDIUM
PHPGurukul Online Shopping Portal 2.0 - SQL Injection
CVSS 6.5
CVE-2024-44659 CRITICAL
PHPGurukul Online Shopping Portal 2.0 - SQL Injection
CVSS 9.8
CVE-2024-44663 MEDIUM
PHPGurukul Online Shopping Portal 2.0 - SQL Injection
CVSS 6.5
CVE-2024-44662 MEDIUM
PHPGurukul Online Shopping Portal 2.0 - SQL Injection
CVSS 6.5
CVE-2024-44660 MEDIUM
PHPGurukul Online Shopping Portal 2.0 - SQL Injection
CVSS 6.5
CVE-2024-44658 MEDIUM
PHPGurukul Complaint Mgt Sys 2.0 - SQL Injection
CVSS 6.5
CVE-2024-44654 MEDIUM
PHPGurukul Complaint Management System 2.0 - SQL Injection
CVSS 6.5
CVE-2024-44657 MEDIUM
PHPGurukul Complaint Mgmt Sys 2.0 - SQL Injection
CVSS 6.5
CVE-2024-44653 MEDIUM
Kashipara Ecommerce Website 1.0 - SQL Injection
CVSS 6.5
CVE-2024-44651 MEDIUM
Kashipara Ecommerce Website 1.0 - SQL Injection
CVSS 6.5
CVE-2024-44652 MEDIUM
Kashipara Ecommerce Website 1.0 - SQL Injection
CVSS 6.5
CVE-2024-44648 MEDIUM
PHPGurukul Small CRM 3.0 - SQL Injection
CVSS 6.5
CVE-2024-44644 MEDIUM
PHPGurukul Small CRM 3.0 - SQL Injection
CVSS 6.5
CVE-2024-44641 MEDIUM
PHPGurukul Small CRM 3.0 - SQL Injection
CVSS 6.5
CVE-2024-55016 MEDIUM
PHPGurukul Student Record Management System 3.20 - SQL Injection via login.php id and password Parameters
CVSS 6.5
CVE-2024-44640 MEDIUM
PHPGurukul Student Record System <3.20 - SQL Injection
CVSS 6.5
CVE-2024-44639 MEDIUM
PHPGurukul Student Record System <3.20 - SQL Injection
CVSS 6.5
CVE-2024-44636 MEDIUM
PHPGurukul Student Record System <3.20 - SQL Injection
CVSS 6.5
CVE-2024-44633 MEDIUM
PHPGurukul Student Record System <3.20 - SQL Injection
CVSS 6.5
CVE-2024-44632 MEDIUM
PHPGurukul Student Record System <3.20 - SQL Injection
CVSS 6.5
CVE-2024-44630 MEDIUM
PHPGurukul Student Record System 3.20 - SQL Injection
CVSS 6.5
CVE-2024-56804 HIGH
Video Station <5.8.4 - SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,652
Exploit Likelihood High