CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-51818 CRITICAL
Fancy Product Designer <6.4.3 - SQL Injection
CVSS 9.3
CVE-2024-49666 HIGH
NotFound ARPrice <4.0.3 - SQL Injection
CVSS 8.5
CVE-2024-49655 CRITICAL
ARPrice <= 4.1.3 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-49333 HIGH
NotFound Hero Mega Menu <1.16.5 - SQL Injection
CVSS 8.5
CVE-2024-49303 HIGH
Hero Mega Menu <1.16.5 - SQL Injection
CVSS 8.5
CVE-2024-13230 MEDIUM
WordPress Super Socializer <7.14 - SQL Injection
CVSS 5.3
CVE-2024-13184 HIGH
WP Extended <3.0.12 - SQL Injection
CVSS 7.5
CVE-2024-57035 CRITICAL
WeGIA v3.2.0 - SQL Injection via nextPage Parameter
CVSS 9.8
CVE-2024-57034 CRITICAL
WeGIA < 3.2.0 - SQL Injection via query_geracao_auto.php Query Parameter
CVSS 9.8
CVE-2024-57031 CRITICAL
WeGIA < 3.2.0 - SQL Injection via id_funcionario Parameter
CVSS 9.8
CVE-2024-57775 HIGH
JFinalOA < 2025-01-01 - SQL Injection via getWorkFlowHis insid Parameter
CVSS 8.8
CVE-2024-57770 HIGH
JFinalOA < 2025-01-01 - SQL Injection via oaContractApply.id Parameter
CVSS 8.8
CVE-2024-57769 HIGH
JFinalOA < 2025-01-01 - SQL Injection via borrowmoney/listData applyUser Parameter
CVSS 8.8
CVE-2024-57768 CRITICAL
JFinalOA < 2025-01-01 - SQL Injection via validRoleKey Parameter
CVSS 9.8
CVE-2024-57162 HIGH
Campcodes Cybercafe Management System 1.0 - SQL Injection in /ccms/view-user-detail.php
CVSS 7.2
CVE-2024-12615 MEDIUM
Passwords Manager <= 1.4.8 - Authenticated SQL Injection via AJAX Action $wpdb->prefix Parameter
CVSS 6.5
CVE-2024-12614 HIGH
Passwords Manager <= 1.4.8 - Authenticated Unauthorized Data Modification via AJAX Actions
CVSS 7.5
CVE-2024-12613 HIGH
Passwords Manager <= 1.4.8 - Unauthenticated SQL Injection via AJAX Function Parameter
CVSS 7.5
CVE-2024-57765 HIGH
wangl1989/mysiteforme < 2025-01-01 - SQL Injection via s_name Parameter
CVSS 7.5
CVE-2024-57760 MEDIUM
jeewms < 2025.01.01 - SQL Injection via ReportId Parameter
CVSS 6.5
CVE-2024-13162 HIGH
Ivanti Endpoint Manager < 2022 SU6 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-55593 LOW
FortiWeb 6.3.17-7.6.1 - SQL Injection
CVSS 2.7
CVE-2024-52969 MEDIUM
FortiSIEM < 7.1.7 - Authenticated SQL Injection via Update/Create Case Feature
CVSS 4.1
CVE-2024-35278 MEDIUM
FortiPortal 7.0.0-7.0.8 - Authenticated SQL Injection via HTTP Request
CVSS 4.3
CVE-2024-35275 MEDIUM
FortiAnalyzer 7.4.0-7.4.2 and FortiManager 7.4.0-7.4.2 - SQL Injection via HTTP Requests
CVSS 6.6