CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit likelihood: High
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,654 vulnerabilities with CWE-89
CVE-2024-13341
MEDIUM
MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.1.11 - SQL Injection via data-id
CVSS 6.5
CVE-2024-57587
CRITICAL
EasyVirt DCScope <= 8.6.0 and CO2Scope < 1.3.0 - Unauthenticated SQL Injection via Login Parameters
CVSS 9.1
CVE-2024-53354
MEDIUM
EasyVirt CO2Scope < 1.3.0 and DCScope < 8.6.0 - Authenticated SQL Injection via Multiple API Parameters
CVSS 6.5
CVE-2024-13596
MEDIUM
WordPress Survey & Poll Plugin <= 1.7.5 - Authenticated SQL Injection via Shortcode ID
CVSS 6.5
CVE-2024-57665
CRITICAL
JFinalCMS 1.0 - SQL Injection via Title Parameter
CVSS 9.8
CVE-2024-57437
MEDIUM
RuoYi v4.8.0 - SQL Injection via OrderBy Parameter
CVSS 6.5
CVE-2024-11956
MEDIUM
Pimcore < 4.2.1 - SQL Injection via Customer List Filter Parameter
CVSS 4.7
CVE-2024-11135
HIGH
Eventer - WordPress Event & Booking Manager Plugin <= 3.9.8 - Unauthenticated SQL Injection via event Parameter
CVSS 7.5
CVE-2024-54146
HIGH
Cacti < 1.2.29 - SQL Injection via host_templates.php graph_template Parameter
CVSS 7.6
CVE-2024-54145
MEDIUM
Cacti < 1.2.29 - SQL Injection via Network Parameter in get_discovery_results
CVSS 6.3
CVE-2024-13095
MEDIUM
WP Triggers Lite <2.5.3 - SQL Injection
CVSS 4.8
CVE-2024-12773
HIGH
Altra Side Menu < 2.0 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-10628
HIGH
Quiz Maker Business/Developer/Agency <= 8.8.0/21.8.0/31.8.0 - Unauthenticated SQL Injection via 'id' Parameter
CVSS 7.5
CVE-2024-35148
MEDIUM
IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - SQL Injection in Monitor Component
CVSS 6.3
CVE-2024-57095
MEDIUM
Go-CMS 1.1.10 - SQL Injection Code Execution
CVSS 6.8
CVE-2024-13594
MEDIUM
Simple Downloads List <= 1.4.2 - Authenticated SQL Injection via neofix_sdl Shortcode Category Attribute
CVSS 6.5
CVE-2024-13680
MEDIUM
Form Builder CP <= 1.2.41 - Authenticated SQL Injection via 'id' Parameter
CVSS 6.5
CVE-2024-55573
CRITICAL
Centreon Web 23.04.0-23.04.23 - Authenticated SQL Injection via Virtual Metrics Form
CVSS 9.1
CVE-2024-57328
CRITICAL
Online Food Ordering System 1.0 - SQL Injection via Login Form
CVSS 9.8
CVE-2024-53923
CRITICAL
Centreon Web <24.10.3, <24.04.9, <23.10.19, <23.04.24 - SQL Injection
CVSS 9.1
CVE-2024-55971
CRITICAL
Logitime WebClock <= 5.43.0 - SQL Injection
CVSS 10.0
CVE-2024-13236
MEDIUM
Tainacan <= 0.21.12 - Authenticated SQL Injection via collection_id Parameter
CVSS 6.5
CVE-2024-13234
HIGH
Product Table by WBW <2.1.2 - SQL Injection
CVSS 7.5
CVE-2024-13496
HIGH
GamiPress - Time-Based SQL Injection
CVSS 7.5
CVE-2024-13426
MEDIUM
WP-Polls <= 2.77.2 - Unauthenticated SQL Injection via COOKIE
CVSS 5.4