CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-13001 MEDIUM
PHPGurukul Small CRM 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13000 MEDIUM
PHPGurukul Small CRM 1.0 - SQL Injection
CVSS 6.3
CVE-2024-12999 MEDIUM
PHPGurukul Small CRM 1.0 - SQL Injection via /admin/edit-user.php id Parameter
CVSS 6.3
CVE-2024-50717 CRITICAL
smart_agent 1.1.0 - SQL Injection via /recuperaLog.php client parameter
CVSS 9.8
CVE-2024-50716 CRITICAL
smart_agent 1.1.0 - SQL Injection via id Parameter in sendPushManually.php
CVSS 9.8
CVE-2024-50713 CRITICAL
smart_agent 1.1.0 - SQL Injection via id Parameter at /tests/interface.php
CVSS 9.8
CVE-2024-12981 MEDIUM
CodeAstro Car Rental System 1.0 - SQL Injection via bookingconfirm.php driver_id_from_dropdown Parameter
CVSS 6.3
CVE-2024-12978 HIGH
Job Recruitment 1.0 - SQL Injection via jid/limit Parameter in add_req Function
CVSS 7.3
CVE-2024-12977 MEDIUM
PHPGurukul Complaint Management System 1.0 - SQL Injection via /admin/state.php State Parameter
CVSS 6.3
CVE-2024-12976 HIGH
CodeZips Hospital Management System 1.0 - SQL Injection via tel Parameter in staff.php
CVSS 7.3
CVE-2024-12969 HIGH
Hospital Management System 1.0 - SQL Injection via Login Username/Password Parameter
CVSS 7.3
CVE-2024-45600 HIGH
pluginsGLPI fields < 1.21.13 - Authenticated SQL Injection
CVSS 7.7
CVE-2024-12968 HIGH
code-projects Job Recruitment 1.0 - SQL Injection via edit_jobpost Function
CVSS 7.3
CVE-2024-12967 HIGH
code-projects Job Recruitment 1.0 - SQL Injection via fname/lname Argument in fln_update Function
CVSS 7.3
CVE-2024-12966 HIGH
code-projects Job Recruitment 1.0 - SQL Injection via cname/url Argument in cn_update Function
CVSS 7.3
CVE-2024-12965 HIGH
1000 Projects Portfolio Management System MCA 1.0 - SQL Injection via /update_ex_detail.php q Parameter
CVSS 7.3
CVE-2024-12964 HIGH
1000 Projects Daily College Class Work Report Book 1.0 - SQL Injection via /login.php User Parameter
CVSS 7.3
CVE-2024-12963 HIGH
code-projects Job Recruitment 1.0 - SQL Injection via job_company Parameter in add_xp Function
CVSS 7.3
CVE-2024-12962 HIGH
Job Recruitment 1.0 - SQL Injection via Skillset Parameter
CVSS 7.3
CVE-2024-12961 HIGH
1000projects Portfolio Management System MCA 1.0 - SQL Injection via /update_ach_details.php q Parameter
CVSS 7.3
CVE-2024-12960 HIGH
1000 Projects Portfolio Management System MCA 1.0 - SQL Injection via /update_edu_details.php q Parameter
CVSS 7.3
CVE-2024-12959 HIGH
1000 Projects Portfolio Management System MCA 1.0 - SQL Injection via /update_personal_details.php q Parameter
CVSS 7.3
CVE-2024-12958 HIGH
1000projects Portfolio Management System MCA 1.0 - SQL Injection via /update_pro_details.php q Parameter
CVSS 7.3
CVE-2024-12950 MEDIUM
code-projects Travel Management System 1.0 - SQL Injection via subcat.php catid Parameter
CVSS 6.3
CVE-2024-12949 MEDIUM
code-projects Travel Management System 1.0 - SQL Injection via subcatid Parameter in package.php
CVSS 6.3