CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit likelihood: High

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
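The definition above covers three places where untrusted text can end up being parsed as SQL syntax: inside a quoted string literal (the login-form and login-parameter entries in the CVE list), in an unquoted numeric position (the many "via 'id' Parameter" entries, where no quote character is needed at all), and as an identifier such as an ORDER BY column (the OrderBy entry), which a database driver cannot bind as a parameter. The following Python script is an added example and is not part of the CWE entry or of any product listed on this page. It runs each case in its vulnerable and its fixed form against a constructed in-memory SQLite table; the users, passwords and injected payloads are illustrative and chosen only to make the behaviour visible.

```python
import sqlite3

# Constructed sample data standing in for an application's user table;
# the names, passwords and roles are illustrative only.
SAMPLE_USERS = [("admin", "s3cret", "admin"), ("alice", "hunter2", "user")]


def make_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)", SAMPLE_USERS
    )
    return conn


# --- String context: the classic login bypass -------------------------------

def login_vulnerable(conn, username, password):
    """CWE-89: input is pasted into the SQL text, so a quote in it closes the
    string literal and the remainder is parsed as SQL (e.g. admin' --)."""
    sql = "SELECT username FROM users WHERE username = '%s' AND password = '%s'" % (
        username, password)
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Parameterized query: the statement text is constant and the values are
    bound separately, so they are only ever compared as data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# --- Numeric context: no quote character needed -----------------------------

def role_by_id_vulnerable(conn, user_id):
    """Unquoted numeric parameter: the payload '2 OR 1=1' rewrites the WHERE
    clause without any quote or comment character."""
    return [r[0] for r in conn.execute("SELECT role FROM users WHERE id = " + user_id)]


def role_by_id_fixed(conn, user_id):
    """Convert to the expected type first (int() rejects anything that is not
    an integer), then bind the value as a parameter."""
    return [r[0] for r in conn.execute(
        "SELECT role FROM users WHERE id = ?", (int(user_id),))]


# --- Identifier context: ORDER BY cannot be parameterized --------------------

ALLOWED_SORT_COLUMNS = {"id", "username", "role"}


def users_sorted_fixed(conn, sort_column):
    """Column names are identifiers, not values, so drivers cannot bind them;
    validate against a fixed allowlist and only then splice the name in."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % sort_column)
    return [r[0] for r in conn.execute("SELECT username FROM users ORDER BY " + sort_column)]


if __name__ == "__main__":
    db = make_db()
    # Constructed payloads: comment-based bypass, tautology, numeric OR.
    print(login_vulnerable(db, "admin' --", "wrong"))     # admin
    print(login_fixed(db, "admin' --", "wrong"))          # None
    print(role_by_id_vulnerable(db, "2 OR 1=1"))          # ['admin', 'user']
    print(role_by_id_fixed(db, "2"))                      # ['user']
    print(users_sorted_fixed(db, "username"))             # ['admin', 'alice']
```

Binding values as parameters is the fix for the first two cases; for identifiers and keywords (column names, sort direction, table names) the only safe option is an allowlist, since no driver will bind those positions. None of this replaces running the application under a least-privilege database account, which limits what a query that does slip through can read or change.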

19,654 vulnerabilities with CWE-89

CVE             Severity  CVSS  Title
CVE-2024-13341  MEDIUM     6.5  MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.1.11 - SQL Injection via data-id
CVE-2024-57587  CRITICAL   9.1  EasyVirt DCScope <= 8.6.0 and CO2Scope < 1.3.0 - Unauthenticated SQL Injection via Login Parameters
CVE-2024-53354  MEDIUM     6.5  EasyVirt CO2Scope < 1.3.0 and DCScope < 8.6.0 - Authenticated SQL Injection via Multiple API Parameters
CVE-2024-13596  MEDIUM     6.5  WordPress Survey & Poll Plugin <= 1.7.5 - Authenticated SQL Injection via Shortcode ID
CVE-2024-57665  CRITICAL   9.8  JFinalCMS 1.0 - SQL Injection via Title Parameter
CVE-2024-57437  MEDIUM     6.5  RuoYi v4.8.0 - SQL Injection via OrderBy Parameter
CVE-2024-11956  MEDIUM     4.7  Pimcore < 4.2.1 - SQL Injection via Customer List Filter Parameter
CVE-2024-11135  HIGH       7.5  Eventer - WordPress Event & Booking Manager Plugin <= 3.9.8 - Unauthenticated SQL Injection via event Parameter
CVE-2024-54146  HIGH       7.6  Cacti < 1.2.29 - SQL Injection via host_templates.php graph_template Parameter
CVE-2024-54145  MEDIUM     6.3  Cacti < 1.2.29 - SQL Injection via Network Parameter in get_discovery_results
CVE-2024-13095  MEDIUM     4.8  WP Triggers Lite < 2.5.3 - SQL Injection
CVE-2024-12773  HIGH       7.2  Altra Side Menu < 2.0 - Authenticated SQL Injection
CVE-2024-10628  HIGH       7.5  Quiz Maker Business/Developer/Agency <= 8.8.0/21.8.0/31.8.0 - Unauthenticated SQL Injection via 'id' Parameter
CVE-2024-35148  MEDIUM     6.3  IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - SQL Injection in Monitor Component
CVE-2024-57095  MEDIUM     6.8  Go-CMS 1.1.10 - SQL Injection Code Execution
CVE-2024-13594  MEDIUM     6.5  Simple Downloads List <= 1.4.2 - Authenticated SQL Injection via neofix_sdl Shortcode Category Attribute
CVE-2024-13680  MEDIUM     6.5  Form Builder CP <= 1.2.41 - Authenticated SQL Injection via 'id' Parameter
CVE-2024-55573  CRITICAL   9.1  Centreon Web 23.04.0-23.04.23 - Authenticated SQL Injection via Virtual Metrics Form
CVE-2024-57328  CRITICAL   9.8  Online Food Ordering System 1.0 - SQL Injection via Login Form
CVE-2024-53923  CRITICAL   9.1  Centreon Web < 24.10.3, < 24.04.9, < 23.10.19, < 23.04.24 - SQL Injection
CVE-2024-55971  CRITICAL  10.0  Logitime WebClock <= 5.43.0 - SQL Injection
CVE-2024-13236  MEDIUM     6.5  Tainacan <= 0.21.12 - Authenticated SQL Injection via collection_id Parameter
CVE-2024-13234  HIGH       7.5  Product Table by WBW < 2.1.2 - SQL Injection
CVE-2024-13496  HIGH       7.5  GamiPress - Time-Based SQL Injection
CVE-2024-13426  MEDIUM     5.4  WP-Polls <= 2.77.2 - Unauthenticated SQL Injection via COOKIE