CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,653 vulnerabilities with CWE-89
CVE-2024-53544
CRITICAL
NovaCHRON Smart Time Plus <8.6 - SQL Injection
CVSS 9.8
CVE-2024-53543
MEDIUM
NovaCHRON Smart Time Plus <8.7 - SQL Injection
CVSS 5.4
CVE-2024-54820
CRITICAL
XOne Web Monitor <1.0.4.9 - SQL Injection
CVSS 9.8
CVE-2024-12918
HIGH
Agito Computer Health4All <10.01.2025 - SQL Injection
CVSS 8.8
CVE-2024-12916
HIGH
Life4All <10.01.2025 - SQL Injection
CVSS 8.8
CVE-2024-13474
HIGH
LTL Freight Quotes - Purolator Edition <2.2.3 - SQL Injection
CVSS 7.5
CVE-2024-55159
MEDIUM
GFast v2-v3.2 - SQL Injection via SortName Parameter
CVSS 4.2
CVE-2024-13846
MEDIUM
Indeed Ultimate Learning Pro <= 3.9 - Authenticated Time-Based SQL Injection via post_id Parameter
CVSS 4.9
CVE-2024-13713
MEDIUM
WPExperts Square For GiveWP <= 1.3.1 - Authenticated SQL Injection via Post Parameter
CVSS 6.5
CVE-2024-12276
MEDIUM
Ultimate Member < 2.9.2 - Authenticated Second-Order SQL Injection via Filename Parameter
CVSS 5.3
CVE-2024-11260
HIGH
Events Manager <= 6.6.3 - Unauthenticated Time-Based SQL Injection via active_status
CVSS 7.5
CVE-2024-13235
MEDIUM
Pinpoint Booking System - WordPress <2.9.9.5.2 - SQL Injection
CVSS 6.5
CVE-2024-54960
MEDIUM
Nagios XI 2024R1.2.2 - SQL Injection via History Tab Component
CVSS 6.5
CVE-2024-13476
HIGH
LTL Freight Quotes - GlobalTranz Edition <2.3.11 - SQL Injection
CVSS 7.5
CVE-2024-13534
HIGH
Eniture Small Package Quotes < 5.2.19 - SQL Injection
CVSS 7.5
CVE-2024-13533
HIGH
Small Package Quotes - USPS Edition <= 1.3.5 - Unauthenticated SQL Injection via edit_id Parameter
CVSS 7.5
CVE-2024-13491
HIGH
Small Package Quotes - For Customers of FedEx <4.3.1 - SQL Injection
CVSS 7.5
CVE-2024-13485
HIGH
LTL Freight Quotes - ABF Freight Edition <3.3.7 - SQL Injection
CVSS 7.5
CVE-2024-13483
HIGH
LTL Freight Quotes - SAIA Edition <2.2.10 - SQL Injection
CVSS 7.5
CVE-2024-13481
HIGH
LTL Freight Quotes - R+L Carriers Edition <3.3.4 - SQL Injection
CVSS 7.5
CVE-2024-13479
HIGH
LTL Freight Quotes - SEFL Edition <3.2.4 - SQL Injection
CVSS 7.5
CVE-2024-13478
HIGH
LTL Freight Quotes - TForce Edition <3.6.4 - SQL Injection
CVSS 7.5
CVE-2024-13489
HIGH
LTL Freight Quotes - Old Dominion Edition <4.2.10 - SQL Injection
CVSS 7.5
CVE-2024-13712
MEDIUM
Pollin <= 1.01.1 - Unauthenticated SQL Injection via Question Parameter
CVSS 4.9
CVE-2024-13676
MEDIUM
Categorized Gallery Plugin <2.0 - SQL Injection
CVSS 6.5
Details
Vulnerabilities: 19,653
Exploit Likelihood: High