CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,653 vulnerabilities with CWE-89
CVE ID | Severity | CVSS | Title
CVE-2024-54446 | HIGH | - | Document History - Blind SQL Injection
CVE-2024-54445 | HIGH | - | LogicalDOC Community < 9.1 - Unauthenticated Blind SQL Injection via Login Functionality
CVE-2024-12245 | HIGH | - | LogicalDOC Community - Unauthenticated Blind SQL Injection via Logout Functionality
CVE-2024-13321 | HIGH | 7.5 | AnalyticsWP <= 2.0.0 - Unauthenticated SQL Injection via custom_sql Parameter
CVE-2024-54026 | MEDIUM | 4.3 | Fortinet FortiSandbox < 4.4.6 - SQL Injection
CVE-2024-33501 | MEDIUM | 4.2 | Fortinet FortiAnalyzer < 7.2.6 - SQL Injection
CVE-2024-13844 | MEDIUM | 4.9 | Post SMTP < 3.1.3 - Authenticated SQL Injection via Columns Parameter
CVE-2024-13781 | MEDIUM | 6.5 | Hero Maps Premium < 2.3.9 - Authenticated SQL Injection via AJAX Actions
CVE-2024-12609 | MEDIUM | 6.5 | School Management System for WordPress < 92.0.0 - Authenticated SQL Injection via view-attendance Page
CVE-2024-12607 | MEDIUM | 6.5 | School Management System for WordPress < 92.0.0 - Authenticated SQL Injection via 'id' Parameter
CVE-2024-13320 | HIGH | 7.5 | CURCY - WooCommerce Multi Currency - Currency Switcher < 2.3.6 - SQL...
CVE-2024-42844 | HIGH | 8.1 | EPICOR Prophet 21 < 23.2.5232 - SQL Injection
CVE-2024-12146 | HIGH | 7.5 | Finder ERP/CRM < 18.12.2024 - SQL Injection
CVE-2024-12144 | CRITICAL | 9.8 | Finder ERP/CRM Old System < 18.12.2024 - SQL Injection
CVE-2024-13147 | CRITICAL | 9.8 | Merkur Software B2B Login Panel < 15.01.2025 - SQL Injection
CVE-2024-12097 | CRITICAL | 9.8 | Boceksoft Informatics E-Travel < 15.12.2024 - SQL Injection
CVE-2024-13809 | MEDIUM | 6.5 | Hero Slider - WordPress Slider Plugin < 1.3.5 - SQL Injection
CVE-2024-13778 | MEDIUM | 6.5 | Hero Mega Menu - Responsive WordPress Menu Plugin < 1.16.5 - SQL Inj...
CVE-2024-9149 | HIGH | 8.6 | Wind Media E-Commerce Website Template < v1.5 - SQL Injection
CVE-2024-50706 | CRITICAL | 9.8 | Uniguest Tripleplay 23.1-24.1.1 - Unauthenticated SQL Injection
CVE-2024-51962 | HIGH | 8.7 | ArcGIS Server 10.9.1-11.3 - Authenticated SQL Injection via EDIT Operation
CVE-2024-13750 | MEDIUM | 6.5 | Multilevel Referral Affiliate Plugin - SQL Injection
CVE-2024-55160 | CRITICAL | 9.8 | GFast 2-3.2 - SQL Injection via OrderBy Parameter
CVE-2024-13148 | CRITICAL | 9.8 | Yukseloglu Filter B2B Login Platform < 16.01.2025 - SQL Injection
CVE-2024-51539 | LOW | 2.3 | Dell Secure Connect Gateway < 5.28 - SQL Injection