CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,654 vulnerabilities with CWE-89
CVE-2024-55517
HIGH
Polaris FT Intellect Core Banking 9.5 - SQL Injection
CVSS 8.8
CVE-2024-11939
HIGH
Cost Calculator Builder PRO <3.2.15 - SQL Injection
CVSS 7.5
CVE-2024-12030
MEDIUM
MDTF - Meta Data and Taxonomies Filter <= 1.3.3.5 - Authenticated SQL Injection via mdf_value Shortcode Key Attribute
CVSS 6.5
CVE-2024-48245
HIGH
Vehicle Management System 1.0 - SQL Injection via Booking ID, Action Name, or Payment Confirmation ID
CVSS 7.2
CVE-2024-56290
CRITICAL
Multiple Shipping And Billing Address For Woocommerce <= 1.2 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-56284
CRITICAL
SSL Wireless SMS Notification <3.5.0 - SQL Injection
CVSS 9.3
CVE-2024-51715
HIGH
ClickWhale < 2.4.1 - Blind SQL Injection
CVSS 8.5
CVE-2024-8855
CRITICAL
WordPress Auction Plugin < 3.7 - Authenticated SQL Injection
CVSS 9.8
CVE-2024-12332
MEDIUM
School Management System - WPSchoolPress <= 2.2.14 - Authenticated SQL Injection via cid Parameter
CVSS 6.5
CVE-2024-12157
HIGH
MailChimp, GetResponse & ActiveCampaign Integrations <= 3.2.6 - Unauthenticated SQL Injection
CVSS 7.5
CVE-2024-12416
HIGH
Live Sales Notification for Woocommerce - Woomotiv <= 3.6.1 - SQL Injection via Cookie
CVSS 7.5
CVE-2024-11437
MEDIUM
Timeline Designer <1.4 - SQL Injection
CVSS 4.9
CVE-2024-12311
MEDIUM
Email Subscribers by Icegram Express < 5.7.44 - Authenticated SQL Injection
CVSS 6.5
CVE-2024-41767
HIGH
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 - SQL Injection
CVSS 7.3
CVE-2024-12195
MEDIUM
WP Project Manager < 2.6.17 - Authenticated SQL Injection via 'project_id' Parameter
CVSS 6.5
CVE-2024-48814
HIGH
Silverpeas 6.4.1 - SQL Injection via ViewType Parameter in findbywhereclause Function
CVSS 7.5
CVE-2024-56250
HIGH
GregRoss Just Writing Statistics <4.7 - SQL Injection
CVSS 7.6
CVE-2024-56247
HIGH
AF themes WP Post Author <= 3.8.2 - SQL Injection
CVSS 7.6
CVE-2024-13093
MEDIUM
code-projects Job Recruitment 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13092
MEDIUM
Job Recruitment 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13085
HIGH
PHPGurukul Land Record System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-13084
MEDIUM
PHPGurukul Land Record System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13079
MEDIUM
PHPGurukul Land Record System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13078
MEDIUM
PHPGurukul Land Record System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13072
MEDIUM
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities: 19,654
Exploit Likelihood: High