CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,654 vulnerabilities with CWE-89
CVE-2024-13001
MEDIUM
PHPGurukul Small CRM 1.0 - SQL Injection
CVSS 6.3
CVE-2024-13000
MEDIUM
PHPGurukul Small CRM 1.0 - SQL Injection
CVSS 6.3
CVE-2024-12999
MEDIUM
PHPGurukul Small CRM 1.0 - SQL Injection via /admin/edit-user.php id Parameter
CVSS 6.3
CVE-2024-50717
CRITICAL
smart_agent 1.1.0 - SQL Injection via /recuperaLog.php client parameter
CVSS 9.8
CVE-2024-50716
CRITICAL
smart_agent 1.1.0 - SQL Injection via id Parameter in sendPushManually.php
CVSS 9.8
CVE-2024-50713
CRITICAL
smart_agent 1.1.0 - SQL Injection via id Parameter at /tests/interface.php
CVSS 9.8
CVE-2024-12981
MEDIUM
CodeAstro Car Rental System 1.0 - SQL Injection via bookingconfirm.php driver_id_from_dropdown Parameter
CVSS 6.3
CVE-2024-12978
HIGH
Job Recruitment 1.0 - SQL Injection via jid/limit Parameter in add_req Function
CVSS 7.3
CVE-2024-12977
MEDIUM
PHPGurukul Complaint Management System 1.0 - SQL Injection via /admin/state.php State Parameter
CVSS 6.3
CVE-2024-12976
HIGH
CodeZips Hospital Management System 1.0 - SQL Injection via tel Parameter in staff.php
CVSS 7.3
CVE-2024-12969
HIGH
Hospital Management System 1.0 - SQL Injection via Login Username/Password Parameter
CVSS 7.3
CVE-2024-45600
HIGH
pluginsGLPI fields < 1.21.13 - Authenticated SQL Injection
CVSS 7.7
CVE-2024-12968
HIGH
code-projects Job Recruitment 1.0 - SQL Injection via edit_jobpost Function
CVSS 7.3
CVE-2024-12967
HIGH
code-projects Job Recruitment 1.0 - SQL Injection via fname/lname Argument in fln_update Function
CVSS 7.3
CVE-2024-12966
HIGH
code-projects Job Recruitment 1.0 - SQL Injection via cname/url Argument in cn_update Function
CVSS 7.3
CVE-2024-12965
HIGH
1000 Projects Portfolio Management System MCA 1.0 - SQL Injection via /update_ex_detail.php q Parameter
CVSS 7.3
CVE-2024-12964
HIGH
1000 Projects Daily College Class Work Report Book 1.0 - SQL Injection via /login.php User Parameter
CVSS 7.3
CVE-2024-12963
HIGH
code-projects Job Recruitment 1.0 - SQL Injection via job_company Parameter in add_xp Function
CVSS 7.3
CVE-2024-12962
HIGH
Job Recruitment 1.0 - SQL Injection via Skillset Parameter
CVSS 7.3
CVE-2024-12961
HIGH
1000projects Portfolio Management System MCA 1.0 - SQL Injection via /update_ach_details.php q Parameter
CVSS 7.3
CVE-2024-12960
HIGH
1000 Projects Portfolio Management System MCA 1.0 - SQL Injection via /update_edu_details.php q Parameter
CVSS 7.3
CVE-2024-12959
HIGH
1000 Projects Portfolio Management System MCA 1.0 - SQL Injection via /update_personal_details.php q Parameter
CVSS 7.3
CVE-2024-12958
HIGH
1000projects Portfolio Management System MCA 1.0 - SQL Injection via /update_pro_details.php q Parameter
CVSS 7.3
CVE-2024-12950
MEDIUM
code-projects Travel Management System 1.0 - SQL Injection via subcat.php catid Parameter
CVSS 6.3
CVE-2024-12949
MEDIUM
code-projects Travel Management System 1.0 - SQL Injection via subcatid Parameter in package.php
CVSS 6.3
Details
Vulnerabilities: 19,654
Exploit Likelihood: High