CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,653 vulnerabilities with CWE-89
CVE-2024-54446
HIGH
Document History - Blind SQL Injection
CVE-2024-54445
HIGH
LogicalDOC Community < 9.1 - Unauthenticated Blind SQL Injection via Login Functionality
CVE-2024-12245
HIGH
LogicalDOC Community - Unauthenticated Blind SQL Injection via Logout Functionality
CVE-2024-13321
HIGH
AnalyticsWP <= 2.0.0 - Unauthenticated SQL Injection via custom_sql Parameter
CVSS 7.5
CVE-2024-54026
MEDIUM
Fortinet FortiSandbox <4.4.6 - SQL Injection
CVSS 4.3
CVE-2024-33501
MEDIUM
Fortinet FortiAnalyzer < 7.2.6 - SQL Injection
CVSS 4.2
CVE-2024-13844
MEDIUM
Post SMTP < 3.1.3 - Authenticated SQL Injection via Columns Parameter
CVSS 4.9
CVE-2024-13781
MEDIUM
Hero Maps Premium < 2.3.9 - Authenticated SQL Injection via AJAX Actions
CVSS 6.5
CVE-2024-12609
MEDIUM
School Management System for WordPress < 92.0.0 - Authenticated SQL Injection via view-attendance Page
CVSS 6.5
CVE-2024-12607
MEDIUM
School Management System for WordPress < 92.0.0 - Authenticated SQL Injection via 'id' Parameter
CVSS 6.5
CVE-2024-13320
HIGH
CURCY - WooCommerce Multi Currency - Currency Switcher <2.3.6 - SQL...
CVSS 7.5
CVE-2024-42844
HIGH
EPICOR Prophet 21 <23.2.5232 - SQL Injection
CVSS 8.1
CVE-2024-12146
HIGH
Finder ERP/CRM <18.12.2024 - SQL Injection
CVSS 7.5
CVE-2024-12144
CRITICAL
Finder ERP/CRM Old System <18.12.2024 - SQL Injection
CVSS 9.8
CVE-2024-13147
CRITICAL
Merkur Software B2B Login Panel <15.01.2025 - SQL Injection
CVSS 9.8
CVE-2024-12097
CRITICAL
Boceksoft Informatics E-Travel <15.12.2024 - SQL Injection
CVSS 9.8
CVE-2024-13809
MEDIUM
Hero Slider - WordPress Slider Plugin <1.3.5 - SQL Injection
CVSS 6.5
CVE-2024-13778
MEDIUM
Hero Mega Menu - Responsive WordPress Menu Plugin <1.16.5 - SQL Inj...
CVSS 6.5
CVE-2024-9149
HIGH
Wind Media E-Commerce Website Template <v1.5 - SQL Injection
CVSS 8.6
CVE-2024-50706
CRITICAL
Uniguest Tripleplay 23.1-24.1.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2024-51962
HIGH
ArcGIS Server 10.9.1-11.3 - Authenticated SQL Injection via EDIT Operation
CVSS 8.7
CVE-2024-13750
MEDIUM
Multilevel Referral Affiliate Plugin - SQL Injection
CVSS 6.5
CVE-2024-55160
CRITICAL
GFast 2-3.2 - SQL Injection via OrderBy Parameter
CVSS 9.8
CVE-2024-13148
CRITICAL
Yukseloglu Filter B2B Login Platform <16.01.2025 - SQL Injection
CVSS 9.8
CVE-2024-51539
LOW
Dell Secure Connect Gateway <5.28 - SQL Injection
CVSS 2.3
Details
Vulnerabilities: 19,653
Exploit Likelihood: High