CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-12948 MEDIUM
code-projects Travel Management System 1.0 - SQL Injection via /detail.php pid Parameter
CVSS 6.3
CVE-2024-12947 MEDIUM
Codezips Hospital Management System 1.0 - SQL Injection via invo.php dname Parameter
CVSS 6.3
CVE-2024-12946 HIGH
1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via admin_user_name Parameter
CVSS 7.3
CVE-2024-12945 HIGH
code-projects Simple Car Rental System 1.0 - SQL Injection via Email/Pass Parameter
CVSS 7.3
CVE-2024-12944 HIGH
CodeAstro House Rental Management System 1.0 - SQL Injection via /signin.php u/p Parameters
CVSS 7.3
CVE-2024-12943 HIGH
CodeAstro House Rental Management System 1.0 - SQL Injection via /ownersignup.php Parameter Manipulation
CVSS 7.3
CVE-2024-12942 HIGH
1000 Projects Portfolio Management System MCA 1.0 - SQL Injection via Admin Login
CVSS 7.3
CVE-2024-12941 MEDIUM
CodeAstro Blood Donor Management System 1.0 - SQL Injection via /pages/deletedannounce.php id Parameter
CVSS 6.3
CVE-2024-12940 HIGH
1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via student_id Parameter
CVSS 7.3
CVE-2024-12939 MEDIUM
Job Recruitment 1.0 - SQL Injection via Degree Parameter in add_edu Function
CVSS 6.3
CVE-2024-12938 MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via updateOrderStatus.php Record Parameter
CVSS 6.3
CVE-2024-12937 MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via qty Parameter in addVariationController.php
CVSS 6.3
CVE-2024-12936 MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via catDeleteController.php Record Argument
CVSS 6.3
CVE-2024-12935 MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via editItemForm.php Record Argument
CVSS 6.3
CVE-2024-12934 MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via updateItemController.php p_desk Parameter
CVSS 6.3
CVE-2024-12931 MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via /addCatController.php size Parameter
CVSS 6.3
CVE-2024-12929 MEDIUM
code-projects Student Management System 1.0.00 - SQL Injection via addCatController.php Size Parameter
CVSS 6.3
CVE-2024-12928 MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via c_name Argument
CVSS 6.3
CVE-2024-12927 HIGH
1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via faculty_emailid Parameter
CVSS 7.3
CVE-2024-12926 MEDIUM
Codezips Project Management System 1.0 - SQL Injection via Advanced Form Name Parameter
CVSS 6.3
CVE-2024-8950 CRITICAL
Arne Informatics Piramit Automation <27.09.2024 - SQL Injection
CVSS 9.9
CVE-2024-10862 MEDIUM
NEX-Forms < 8.7.15 - Unauthenticated SQL Injection via search_params Parameter
CVSS 4.9
CVE-2024-12428 HIGH
WP Data Access - App, Table, Form and Chart Builder <5.5.22 - SQL I...
CVSS 7.5
CVE-2024-12032 MEDIUM
Tourfic < 2.15.3 - Authenticated SQL Injection via Enquiry ID Parameter
CVSS 6.5
CVE-2024-12746 HIGH
Amazon Redshift ODBC Driver 2.1.5.0 - SQL Injection via SQLTables or SQLColumns Metadata APIs
CVSS 8.0