CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-13070 MEDIUM
CodeAstro Online Food Ordering System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-56042 CRITICAL
VibeThemes WPLMS < 1.9.9.5.3 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-56041 HIGH
VibeThemes VibeBP < 1.9.9.5.1 - SQL Injection
CVSS 8.5
CVE-2024-56039 CRITICAL
VibeThemes VibeBP < 1.9.9.7.7 - SQL Injection
CVSS 9.3
CVE-2024-56212 HIGH
DeluxeThemes Userpro < 5.1.9 - SQL Injection
CVSS 8.5
CVE-2024-56801 CRITICAL
Tasklists < 2.0.4 - Blind SQL Injection
CVSS 9.8
CVE-2024-46542 MEDIUM
Veritas / Arctera Data Insight < 7.1.1 - SQL Injection
CVSS 6.5
CVE-2024-47926 CRITICAL
TCExam < 16.3.5 - SQL Injection
CVSS 9.8
CVE-2024-13039 MEDIUM
Simple Chat System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13038 HIGH
CodeAstro Simple Loan Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-13037 MEDIUM
1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via course_id
CVSS 6.3
CVE-2024-13036 MEDIUM
code-projects Chat System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13035 MEDIUM
Code-projects Chat System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13025 MEDIUM
Codezips College Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13024 MEDIUM
Codezips Blood Bank Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13020 MEDIUM
code-projects Chat System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13016 MEDIUM
PHPGurukul Maid Hiring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13014 MEDIUM
PHPGurukul Maid Hiring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13008 MEDIUM
Responsive Hotel Site 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13007 MEDIUM
Codezips Event Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13006 HIGH
1000 Projects Human Resource Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-13005 MEDIUM
1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via attendance_id Parameter
CVSS 6.3
CVE-2024-13004 HIGH
PHPGurukul Complaint Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-13003 MEDIUM
1000 Projects Portfolio Management System MCA 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13002 HIGH
1000 Projects Bookstore Management System 1.0 - SQL Injection
CVSS 7.3