CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,654 vulnerabilities with CWE-89
CVE-2024-12948
MEDIUM
code-projects Travel Management System 1.0 - SQL Injection via /detail.php pid Parameter
CVSS 6.3
CVE-2024-12947
MEDIUM
Codezips Hospital Management System 1.0 - SQL Injection via invo.php dname Parameter
CVSS 6.3
CVE-2024-12946
HIGH
1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via admin_user_name Parameter
CVSS 7.3
CVE-2024-12945
HIGH
code-projects Simple Car Rental System 1.0 - SQL Injection via Email/Pass Parameter
CVSS 7.3
CVE-2024-12944
HIGH
CodeAstro House Rental Management System 1.0 - SQL Injection via /signin.php u/p Parameters
CVSS 7.3
CVE-2024-12943
HIGH
CodeAstro House Rental Management System 1.0 - SQL Injection via /ownersignup.php Parameter Manipulation
CVSS 7.3
CVE-2024-12942
HIGH
1000 Projects Portfolio Management System MCA 1.0 - SQL Injection via Admin Login
CVSS 7.3
CVE-2024-12941
MEDIUM
CodeAstro Blood Donor Management System 1.0 - SQL Injection via /pages/deletedannounce.php id Parameter
CVSS 6.3
CVE-2024-12940
HIGH
1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via student_id Parameter
CVSS 7.3
CVE-2024-12939
MEDIUM
Job Recruitment 1.0 - SQL Injection via Degree Parameter in add_edu Function
CVSS 6.3
CVE-2024-12938
MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via updateOrderStatus.php Record Parameter
CVSS 6.3
CVE-2024-12937
MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via qty Parameter in addVariationController.php
CVSS 6.3
CVE-2024-12936
MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via catDeleteController.php Record Argument
CVSS 6.3
CVE-2024-12935
MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via editItemForm.php Record Argument
CVSS 6.3
CVE-2024-12934
MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via updateItemController.php p_desk Parameter
CVSS 6.3
CVE-2024-12931
MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via /addCatController.php size Parameter
CVSS 6.3
CVE-2024-12929
MEDIUM
code-projects Student Management System 1.0.00 - SQL Injection via addCatController.php Size Parameter
CVSS 6.3
CVE-2024-12928
MEDIUM
code-projects Simple Admin Panel 1.0 - SQL Injection via c_name Argument
CVSS 6.3
CVE-2024-12927
HIGH
1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via faculty_emailid Parameter
CVSS 7.3
CVE-2024-12926
MEDIUM
Codezips Project Management System 1.0 - SQL Injection via Advanced Form Name Parameter
CVSS 6.3
CVE-2024-8950
CRITICAL
Arne Informatics Piramit Automation <27.09.2024 - SQL Injection
CVSS 9.9
CVE-2024-10862
MEDIUM
NEX-Forms < 8.7.15 - Unauthenticated SQL Injection via search_params Parameter
CVSS 4.9
CVE-2024-12428
HIGH
WP Data Access - App, Table, Form and Chart Builder <5.5.22 - SQL I...
CVSS 7.5
CVE-2024-12032
MEDIUM
Tourfic < 2.15.3 - Authenticated SQL Injection via Enquiry ID Parameter
CVSS 6.5
CVE-2024-12746
HIGH
Amazon Redshift ODBC Driver 2.1.5.0 - SQL Injection via SQLTables or SQLColumns Metadata APIs
CVSS 8.0
Details
Vulnerabilities: 19,654
Exploit Likelihood: High