CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-57632 HIGH
MonetDB Server v11.49.1 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57631 HIGH
MonetDB Server v11.49.1 - Denial of Service via Crafted SQL Statements in exp_ref Component
CVSS 7.5
CVE-2024-57630 HIGH
MonetDB v11.49.1 - Denial of Service via Crafted SQL Statements in exps_card Component
CVSS 7.5
CVE-2024-57629 HIGH
MonetDB Server 11.49.1 - Denial of Service via Crafted SQL Statements in tail_type Component
CVSS 7.5
CVE-2024-57628 HIGH
MonetDB Server 11.49.1 - Denial of Service via exp_values_set_supertype
CVSS 7.5
CVE-2024-57627 HIGH
MonetDB Server v11.49.1 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57626 HIGH
MonetDB Server v11.49.1 - Denial of Service via Crafted SQL Statements in mat_join2
CVSS 7.5
CVE-2024-57625 HIGH
MonetDB Server 11.49.1 - Denial of Service via merge_table_prune_and_unionize Component
CVSS 7.5
CVE-2024-57624 HIGH
MonetDB v11.49.1 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2024-57622 HIGH
MonetDB Server 11.49.1 - Denial of Service via Crafted SQL Statements in exp_bin Component
CVSS 7.5
CVE-2024-57621 HIGH
MonetDB v11.47.11 - Denial of Service via GDKanalytical_correlation SQL Statements
CVSS 7.5
CVE-2024-57620 HIGH
MonetDB v11.47.11 - Denial of Service via trimchars Component
CVSS 7.5
CVE-2024-57619 HIGH
MonetDB Server 11.47.11 - Denial of Service via Crafted SQL Statements in atom_get_int
CVSS 7.5
CVE-2024-57617 HIGH
MonetDB Server 11.49.1 - Denial of Service via Crafted SQL Statements in dameraulevenshtein Component
CVSS 7.5
CVE-2024-57616 HIGH
MonetDB v11.47.11 - Denial of Service via vscanf Component
CVSS 7.5
CVE-2024-57615 HIGH
MonetDB Server v11.47.11 - Denial of Service via BATcalcbetween_intern
CVSS 7.5
CVE-2024-12404 HIGH
CF Internal Link Shortcode <1.1.0 - SQL Injection
CVSS 7.5
CVE-2024-9134 HIGH
Arista ng_firewall < 17.2 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-12473 MEDIUM
AI Scribe - SEO AI Writer <2.3 - SQL Injection
CVSS 6.5
CVE-2024-54762 MEDIUM
ruoyi < 4.7.9 - Authenticated SQL Injection via filterKeyword Method
CVSS 6.3
CVE-2024-54761 MEDIUM
BigAnt Office Messenger 5.6.06 - SQL Injection via dev_code Parameter
CVSS 6.3
CVE-2024-12067 MEDIUM
WP Travel - Ultimate Travel Booking System, Tour Management Engine ...
CVSS 6.5
CVE-2024-13204 MEDIUM
kurniaramadhan E-Commerce-PHP 1.0 - SQL Injection
CVSS 5.5
CVE-2024-13194 MEDIUM
Sucms 1.0 - SQL Injection via /admin/admin_members.php uid Parameter
CVSS 6.3
CVE-2024-13193 MEDIUM
semcms < 4.8 - SQL Injection in Image Library Management Page
CVSS 6.3