CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,654 vulnerabilities with CWE-89
CVE-2024-13676
MEDIUM
Categorized Gallery Plugin <2.0 - SQL Injection
CVSS 6.5
CVE-2024-55460
CRITICAL
BoardRoom Limited Dividend Distribution Tax Election System <v2.0 -...
CVSS 9.8
CVE-2024-13369
MEDIUM
Tour Master - Tour Booking Travel Hotel <5.3.6 - SQL Injection
CVSS 6.5
CVE-2024-13595
MEDIUM
Simple Signup Form <= 1.6.5 - Authenticated SQL Injection via 'id' Shortcode Attribute
CVSS 6.5
CVE-2024-13726
HIGH
Coder WordPress Plugin < 1.3.4 - Unauthenticated SQL Injection via AJAX Action
CVSS 8.6
CVE-2024-13608
MEDIUM
Track Logins WordPress Plugin <= 1.0 - Authenticated SQL Injection
CVSS 4.7
CVE-2024-13500
MEDIUM
WP Project Manager <2.6.17 - SQL Injection
CVSS 6.5
CVE-2024-13488
HIGH
LTL Freight Quotes - Estes Edition <3.3.7 - SQL Injection
CVSS 7.5
CVE-2024-13152
CRITICAL
BSS Software Mobuy Online <2.0 - SQL Injection
CVSS 10.0
CVE-2024-13532
HIGH
Purolator Small Package Quotes <=3.6.4 - Unauthenticated SQL Injection via edit_id/dropship_edit_id
CVSS 7.5
CVE-2024-13480
HIGH
LTL Freight Quotes - WordPress Plugin <3.4.1 - SQL Injection
CVSS 7.5
CVE-2024-13477
HIGH
LTL Freight Quotes - Unishippers Edition <2.5.8 - SQL Injection
CVSS 7.5
CVE-2024-32838
HIGH
Apache Fineract 1.4.0-1.9 - Authenticated SQL Injection via REST API Query Parameters
CVSS 8.8
CVE-2024-13531
HIGH
ShipEngine Shipping Quotes <= 1.0.7 - Unauthenticated SQL Injection via edit_id Parameter
CVSS 7.5
CVE-2024-13490
HIGH
LTL Freight Quotes - XPO Edition <4.3.7 - SQL Injection
CVSS 7.5
CVE-2024-13475
HIGH
Small Package Quotes - UPS Edition <4.5.16 - SQL Injection
CVSS 7.5
CVE-2024-13473
HIGH
LTL Freight Quotes - Worldwide Express Edition <5.0.20 - SQL Injection
CVSS 7.5
CVE-2024-13435
HIGH
Ebook Downloader <1.0 - SQL Injection
CVSS 7.5
CVE-2024-55212
MEDIUM
DNNGo xBlog 6.5.0 - SQL Injection via Categorys Parameter
CVSS 6.5
CVE-2024-57178
MEDIUM
Stock-Forecaster <=01-04-2020 - SQL Injection
CVSS 5.9
CVE-2024-13440
HIGH
Super Store Finder <7.0 - SQL Injection
CVSS 8.2
CVE-2024-57606
HIGH
JeecgBoot < 3.7.3 - SQL Injection via getTotalData Component
CVSS 7.5
CVE-2024-57430
CRITICAL
PHPJabbers Cinema Booking System 2.0 - SQL Injection via pjActionGetUser Column Parameter
CVSS 9.8
CVE-2024-57098
CRITICAL
Moss v0.1.3 - SQL Injection via Order Parameter
CVSS 9.8
CVE-2024-57238
HIGH
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 - SQL Injection
CVSS 7.3
Details
Vulnerabilities: 19,654
Exploit Likelihood: High