CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-55517 HIGH
Polaris FT Intellect Core Banking 9.5 - SQL Injection
CVSS 8.8
CVE-2024-11939 HIGH
Cost Calculator Builder PRO <3.2.15 - SQL Injection
CVSS 7.5
CVE-2024-12030 MEDIUM
MDTF - Meta Data and Taxonomies Filter <= 1.3.3.5 - Authenticated SQL Injection via mdf_value Shortcode Key Attribute
CVSS 6.5
CVE-2024-48245 HIGH
Vehicle Management System 1.0 - SQL Injection via Booking ID, Action Name, or Payment Confirmation ID
CVSS 7.2
CVE-2024-56290 CRITICAL
Multiple Shipping And Billing Address For Woocommerce <= 1.2 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-56284 CRITICAL
SSL Wireless SMS Notification <3.5.0 - SQL Injection
CVSS 9.3
CVE-2024-51715 HIGH
ClickWhale < 2.4.1 - Blind SQL Injection
CVSS 8.5
CVE-2024-8855 CRITICAL
WordPress Auction Plugin < 3.7 - Authenticated SQL Injection
CVSS 9.8
CVE-2024-12332 MEDIUM
School Management System - WPSchoolPress <= 2.2.14 - Authenticated SQL Injection via cid Parameter
CVSS 6.5
CVE-2024-12157 HIGH
MailChimp, GetResponse & ActiveCampaign Integrations <= 3.2.6 - Unauthenticated SQL Injection
CVSS 7.5
CVE-2024-12416 HIGH
Live Sales Notification for Woocommerce - Woomotiv <= 3.6.1 - SQL Injection via Cookie
CVSS 7.5
CVE-2024-11437 MEDIUM
Timeline Designer <1.4 - SQL Injection
CVSS 4.9
CVE-2024-12311 MEDIUM
Email Subscribers by Icegram Express < 5.7.44 - Authenticated SQL Injection
CVSS 6.5
CVE-2024-41767 HIGH
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 - SQL Injection
CVSS 7.3
CVE-2024-12195 MEDIUM
WP Project Manager < 2.6.17 - Authenticated SQL Injection via 'project_id' Parameter
CVSS 6.5
CVE-2024-48814 HIGH
Silverpeas 6.4.1 - SQL Injection via ViewType Parameter in findbywhereclause Function
CVSS 7.5
CVE-2024-56250 HIGH
GregRoss Just Writing Statistics <4.7 - SQL Injection
CVSS 7.6
CVE-2024-56247 HIGH
AF themes WP Post Author <= 3.8.2 - SQL Injection
CVSS 7.6
CVE-2024-13093 MEDIUM
code-projects Job Recruitment 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13092 MEDIUM
Job Recruitment 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13085 HIGH
PHPGurukul Land Record System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-13084 MEDIUM
PHPGurukul Land Record System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13079 MEDIUM
PHPGurukul Land Record System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13078 MEDIUM
PHPGurukul Land Record System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13072 MEDIUM
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection
CVSS 6.3