CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,653 vulnerabilities with CWE-89
| CVE | Severity | CVSS | Title |
| --- | --- | --- | --- |
| CVE-2024-53544 | CRITICAL | 9.8 | NovaCHRON Smart Time Plus <8.6 - SQL Injection |
| CVE-2024-53543 | MEDIUM | 5.4 | NovaCHRON Smart Time Plus <8.7 - SQL Injection |
| CVE-2024-54820 | CRITICAL | 9.8 | XOne Web Monitor <1.0.4.9 - SQL Injection |
| CVE-2024-12918 | HIGH | 8.8 | Agito Computer Health4All <10.01.2025 - SQL Injection |
| CVE-2024-12916 | HIGH | 8.8 | Life4All <10.01.2025 - SQL Injection |
| CVE-2024-13474 | HIGH | 7.5 | LTL Freight Quotes - Purolator Edition <2.2.3 - SQL Injection |
| CVE-2024-55159 | MEDIUM | 4.2 | GFast v2-v3.2 - SQL Injection via SortName Parameter |
| CVE-2024-13846 | MEDIUM | 4.9 | Indeed Ultimate Learning Pro <= 3.9 - Authenticated Time-Based SQL Injection via post_id Parameter |
| CVE-2024-13713 | MEDIUM | 6.5 | WPExperts Square For GiveWP <= 1.3.1 - Authenticated SQL Injection via Post Parameter |
| CVE-2024-12276 | MEDIUM | 5.3 | Ultimate Member < 2.9.2 - Authenticated Second-Order SQL Injection via Filename Parameter |
| CVE-2024-11260 | HIGH | 7.5 | Events Manager <= 6.6.3 - Unauthenticated Time-Based SQL Injection via active_status |
| CVE-2024-13235 | MEDIUM | 6.5 | Pinpoint Booking System - WordPress <2.9.9.5.2 - SQL Injection |
| CVE-2024-54960 | MEDIUM | 6.5 | Nagios XI 2024R1.2.2 - SQL Injection via History Tab Component |
| CVE-2024-13476 | HIGH | 7.5 | LTL Freight Quotes - GlobalTranz Edition <2.3.11 - SQL Injection |
| CVE-2024-13534 | HIGH | 7.5 | Eniture Small Package Quotes < 5.2.19 - SQL Injection |
| CVE-2024-13533 | HIGH | 7.5 | Small Package Quotes - USPS Edition <= 1.3.5 - Unauthenticated SQL Injection via edit_id Parameter |
| CVE-2024-13491 | HIGH | 7.5 | Small Package Quotes - For Customers of FedEx <4.3.1 - SQL Injection |
| CVE-2024-13485 | HIGH | 7.5 | LTL Freight Quotes - ABF Freight Edition <3.3.7 - SQL Injection |
| CVE-2024-13483 | HIGH | 7.5 | LTL Freight Quotes - SAIA Edition <2.2.10 - SQL Injection |
| CVE-2024-13481 | HIGH | 7.5 | LTL Freight Quotes - R+L Carriers Edition <3.3.4 - SQL Injection |
| CVE-2024-13479 | HIGH | 7.5 | LTL Freight Quotes - SEFL Edition <3.2.4 - SQL Injection |
| CVE-2024-13478 | HIGH | 7.5 | LTL Freight Quotes - TForce Edition <3.6.4 - SQL Injection |
| CVE-2024-13489 | HIGH | 7.5 | LTL Freight Quotes - Old Dominion Edition <4.2.10 - SQL Injection |
| CVE-2024-13712 | MEDIUM | 4.9 | Pollin <= 1.01.1 - Unauthenticated SQL Injection via Question Parameter |
| CVE-2024-13676 | MEDIUM | 6.5 | Categorized Gallery Plugin <2.0 - SQL Injection |