CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,653 vulnerabilities with CWE-89
CVE-2024-57459
HIGH
CloudClassroom PHP Project 1.0 - Time-Based SQL Injection via myds Parameter
CVSS 7.3
CVE-2024-51102
MEDIUM
PHPGURUKUL Student Management System v1 - SQL Injection via Login Username and Password Parameters
CVSS 4.4
CVE-2024-51103
MEDIUM
PHPGURUKUL Student Management System v1 - SQL Injection via Password Recovery Email ID and ID Parameters
CVSS 6.5
CVE-2024-51101
CRITICAL
PHPGURUKUL Restaurant Table Booking System v1.0 - SQL Injection via Search Parameter
CVSS 9.8
CVE-2024-13955
HIGH
ABB ASPECT-Enterprise NEXUS Series and MATRIX Series <= 3.* - Authenticated SQL Injection
CVSS 8.8
CVE-2024-52874
HIGH
Infoblox NetMRI < 7.6.1 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-40120
MEDIUM
seaweedfs v3.68 - SQL Injection via abstract_sql_store.go
CVSS 6.5
CVE-2024-9879
MEDIUM
Melapress File Monitor < 2.1.1 - Authenticated SQL Injection
CVSS 5.4
CVE-2024-9838
MEDIUM
Auto Affiliate Links < 6.4.7 - Authenticated SQL Injection
CVSS 5.4
CVE-2024-9831
HIGH
Taskbuilder < 3.0.9 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-6809
CRITICAL
Simple Video Directory <1.4.3 - SQL Injection
CVSS 9.8
CVE-2024-6159
CRITICAL
WordPress Plugin <1.9.4 - SQL Injection
CVSS 9.8
CVE-2024-12735
HIGH
Advance Post Prefix < 1.1.1 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-11372
HIGH
Connexion Logs WP <3.0.2 - SQL Injection
CVSS 7.2
CVE-2024-11269
HIGH
AHAthat Plugin WordPress plugin < 1.6 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-11267
HIGH
JSP Store Locator < 1.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-10009
MEDIUM
Melapress File Monitor <2.1.0 - SQL Injection
CVSS 4.1
CVE-2024-10864
HIGH
OpenText Advanced Authentication <6.5 - SQL Injection
CVE-2024-51444
MEDIUM
Polarion ALM V2310 and V2404 < V2404.4 - Authenticated SQL Injection
CVSS 6.5
CVE-2024-13344
HIGH
Advance Seat Reservation Management <3.3 - SQL Injection
CVSS 7.5
CVE-2024-13322
HIGH
Ads Pro Plugin - WordPress <4.88 - SQL Injection
CVSS 7.5
CVE-2024-12023
MEDIUM
FULL - Cliente plugin <3.1.25 - SQL Injection
CVSS 6.5
CVE-2024-12706
LOW
OpenText Digital Asset Management <24.4 - SQL Injection
CVE-2024-55238
HIGH
OpenMetadata <=1.4.1 - SQL Injection via WorkflowDAO listCount Parameters
CVSS 7.1
CVE-2024-40073
CRITICAL
Sourcecodester Online ID Generator System 1.0 - SQL Injection
CVSS 9.8
Details
Vulnerabilities: 19,653
Exploit Likelihood: High