CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-13676 MEDIUM
Categorized Gallery Plugin <2.0 - SQL Injection
CVSS 6.5
CVE-2024-55460 CRITICAL
BoardRoom Limited Dividend Distribution Tax Election System <v2.0 -...
CVSS 9.8
CVE-2024-13369 MEDIUM
Tour Master - Tour Booking Travel Hotel <5.3.6 - SQL Injection
CVSS 6.5
CVE-2024-13595 MEDIUM
Simple Signup Form <= 1.6.5 - Authenticated SQL Injection via 'id' Shortcode Attribute
CVSS 6.5
CVE-2024-13726 HIGH
Coder WordPress Plugin < 1.3.4 - Unauthenticated SQL Injection via AJAX Action
CVSS 8.6
CVE-2024-13608 MEDIUM
Track Logins WordPress Plugin <= 1.0 - Authenticated SQL Injection
CVSS 4.7
CVE-2024-13500 MEDIUM
WP Project Manager <2.6.17 - SQL Injection
CVSS 6.5
CVE-2024-13488 HIGH
LTL Freight Quotes - Estes Edition <3.3.7 - SQL Injection
CVSS 7.5
CVE-2024-13152 CRITICAL
BSS Software Mobuy Online <2.0 - SQL Injection
CVSS 10.0
CVE-2024-13532 HIGH
Purolator Small Package Quotes <=3.6.4 - Unauthenticated SQL Injection via edit_id/dropship_edit_id
CVSS 7.5
CVE-2024-13480 HIGH
LTL Freight Quotes - WordPress Plugin <3.4.1 - SQL Injection
CVSS 7.5
CVE-2024-13477 HIGH
LTL Freight Quotes - Unishippers Edition <2.5.8 - SQL Injection
CVSS 7.5
CVE-2024-32838 HIGH
Apache Fineract 1.4.0-1.9 - Authenticated SQL Injection via REST API Query Parameters
CVSS 8.8
CVE-2024-13531 HIGH
ShipEngine Shipping Quotes <= 1.0.7 - Unauthenticated SQL Injection via edit_id Parameter
CVSS 7.5
CVE-2024-13490 HIGH
LTL Freight Quotes - XPO Edition <4.3.7 - SQL Injection
CVSS 7.5
CVE-2024-13475 HIGH
Small Package Quotes - UPS Edition <4.5.16 - SQL Injection
CVSS 7.5
CVE-2024-13473 HIGH
LTL Freight Quotes - Worldwide Express Edition <5.0.20 - SQL Injection
CVSS 7.5
CVE-2024-13435 HIGH
Ebook Downloader <1.0 - SQL Injection
CVSS 7.5
CVE-2024-55212 MEDIUM
DNNGo xBlog 6.5.0 - SQL Injection via Categorys Parameter
CVSS 6.5
CVE-2024-57178 MEDIUM
Stock-Forecaster <=01-04-2020 - SQL Injection
CVSS 5.9
CVE-2024-13440 HIGH
Super Store Finder <7.0 - SQL Injection
CVSS 8.2
CVE-2024-57606 HIGH
JeecgBoot < 3.7.3 - SQL Injection via getTotalData Component
CVSS 7.5
CVE-2024-57430 CRITICAL
PHPJabbers Cinema Booking System 2.0 - SQL Injection via pjActionGetUser Column Parameter
CVSS 9.8
CVE-2024-57098 CRITICAL
Moss v0.1.3 - SQL Injection via Order Parameter
CVSS 9.8
CVE-2024-57238 HIGH
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 - SQL Injection
CVSS 7.3