CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,653 vulnerabilities with CWE-89
CVE-2024-57459 HIGH
CloudClassroom PHP Project 1.0 - Time-Based SQL Injection via myds Parameter
CVSS 7.3
CVE-2024-51102 MEDIUM
PHPGURUKUL Student Management System v1 - SQL Injection via Login Username and Password Parameters
CVSS 4.4
CVE-2024-51103 MEDIUM
PHPGURUKUL Student Management System v1 - SQL Injection via Password Recovery Email ID and ID Parameters
CVSS 6.5
CVE-2024-51101 CRITICAL
PHPGURUKUL Restaurant Table Booking System v1.0 - SQL Injection via Search Parameter
CVSS 9.8
CVE-2024-13955 HIGH
ABB ASPECT-Enterprise NEXUS Series and MATRIX Series <= 3.* - Authenticated SQL Injection
CVSS 8.8
CVE-2024-52874 HIGH
Infoblox NetMRI < 7.6.1 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-40120 MEDIUM
seaweedfs v3.68 - SQL Injection via abstract_sql_store.go
CVSS 6.5
CVE-2024-9879 MEDIUM
Melapress File Monitor < 2.1.1 - Authenticated SQL Injection
CVSS 5.4
CVE-2024-9838 MEDIUM
Auto Affiliate Links < 6.4.7 - Authenticated SQL Injection
CVSS 5.4
CVE-2024-9831 HIGH
Taskbuilder < 3.0.9 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-6809 CRITICAL
Simple Video Directory <1.4.3 - SQL Injection
CVSS 9.8
CVE-2024-6159 CRITICAL
WordPress Plugin <1.9.4 - SQL Injection
CVSS 9.8
CVE-2024-12735 HIGH
Advance Post Prefix < 1.1.1 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-11372 HIGH
Connexion Logs WP <3.0.2 - SQL Injection
CVSS 7.2
CVE-2024-11269 HIGH
AHAthat Plugin WordPress plugin < 1.6 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-11267 HIGH
JSP Store Locator < 1.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-10009 MEDIUM
Melapress File Monitor <2.1.0 - SQL Injection
CVSS 4.1
CVE-2024-10864 HIGH
OpenText Advanced Authentication <6.5 - SQL Injection
CVE-2024-51444 MEDIUM
Polarion ALM V2310 and V2404 < V2404.4 - Authenticated SQL Injection
CVSS 6.5
CVE-2024-13344 HIGH
Advance Seat Reservation Management <3.3 - SQL Injection
CVSS 7.5
CVE-2024-13322 HIGH
Ads Pro Plugin - WordPress <4.88 - SQL Injection
CVSS 7.5
CVE-2024-12023 MEDIUM
FULL - Cliente plugin <3.1.25 - SQL Injection
CVSS 6.5
CVE-2024-12706 LOW
OpenText Digital Asset Management <24.4 - SQL Injection
CVE-2024-55238 HIGH
OpenMetadata <=1.4.1 - SQL Injection via WorkflowDAO listCount Parameters
CVSS 7.1
CVE-2024-40073 CRITICAL
Sourcecodester Online ID Generator System 1.0 - SQL Injection
CVSS 9.8