CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit likelihood: High
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,653 vulnerabilities with CWE-89
CVE-2024-40072
CRITICAL
Sourcecodester Online ID Generator System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-40068
MEDIUM
Sourcecodester Online ID Generator System 1.0 - SQL Injection
CVSS 5.9
CVE-2024-13909
MEDIUM
Accredible Certificates & Open Badges <1.4.9 - SQL Injection
CVSS 4.9
CVE-2024-22611
CRITICAL
OpenEMR 7.0.2 - SQL Injection via Pharmacy Class and Controller
CVSS 9.8
CVE-2024-12410
MEDIUM
Front End Users <= 3.2.32 - Unauthenticated SQL Injection via UserSearchField Parameter
CVSS 4.9
CVE-2024-36465
HIGH
Zabbix 7.0.0-7.0.6 - Authenticated SQL Injection via groupBy Parameter
CVSS 8.8
CVE-2024-11504
HIGH
Streamsoft Prestiż <18.1.376.37 - SQL Injection
CVE-2024-42533
CRITICAL
Convivance StandVoice 4.5-6.2 - SQL Injection via GEST_LOGIN Parameter
CVSS 9.8
CVE-2024-53678
HIGH
Apache VCL 2.2-2.5.1 - SQL Injection via Block Allocation Request Form
CVSS 8.8
CVE-2024-9770
MEDIUM
WP-Recall < 16.26.12 - Authenticated SQL Injection
CVSS 4.7
CVE-2024-44903
HIGH
SirsiDynix Horizon IPAC20 <3.25_9382 - SQL Injection
CVSS 7.5
CVE-2024-12109
MEDIUM
Product Labels For Woocommerce (Sale Badges) < 1.5.9 - Authenticated SQL Injection
CVSS 4.1
CVE-2024-10638
MEDIUM
Product Labels For Woocommerce (Sale Badges) < 1.5.11 - Authenticated SQL Injection
CVSS 4.1
CVE-2024-8251
MEDIUM
mintplex-labs/anything-llm <1.2.2 - Code Injection
CVSS 5.3
CVE-2024-8055
HIGH
vanna-ai/vanna < latest - Unauthenticated SQL Injection via Snowflake PUT and COPY Commands
CVSS 7.5
CVE-2024-7764
HIGH
vanna-ai/vanna < latest - SQL Injection via LLM Response Manipulation
CVSS 8.1
CVE-2024-12911
HIGH
llamaindex < 0.5.1 - SQL Injection via Prompt Injection in JSONalyzeQueryEngine
CVSS 7.1
CVE-2024-12909
CRITICAL
llamaindex < 0.3.0 - SQL Injection and Remote Code Execution via FinanceChatLlamaPack run_sql_query Function
CVSS 9.8
CVE-2024-11958
CRITICAL
run-llama/llama_index - SQL Injection
CVSS 9.8
CVE-2024-10835
CRITICAL
db-gpt < 0.7.1 - Unauthenticated Arbitrary File Write and Remote Code Execution via SQL Injection
CVSS 9.8
CVE-2024-12016
CRITICAL
CM News < 6.0 - SQL Injection
CVSS 9.8
CVE-2024-50631
HIGH
Synology Drive Server < 3.0.4-12699 - SQL Injection in System Syncing Daemon
CVSS 7.5
CVE-2024-57151
MEDIUM
rainrocka xinhu <2.6.5 - SQL Injection
CVSS 6.8
CVE-2024-8997
CRITICAL
Vestel EVC04 Configuration Interface < 18.03.2025 - SQL Injection
CVSS 9.8
CVE-2024-54447
HIGH
LogicalDOC Community < 9.1 - Authenticated Blind SQL Injection via Saved Search