CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-12784 MEDIUM
itsourcecode Vehicle Management System 1.0 - SQL Injection via editbill.php id Parameter
CVSS 6.3
CVE-2024-10244 CRITICAL
ISDO Software Web Software < 3.6 - SQL Injection
CVSS 9.8
CVE-2024-56053 HIGH
VibeThemes WPLMS < 1.9.9.5.3 - SQL Injection
CVSS 7.6
CVE-2024-56047 HIGH
VibeThemes WordPress Learning Management System - SQL Injection
CVSS 8.5
CVE-2024-55953 HIGH
DataEase < 1.18.27 - Authenticated SQL Injection via JDBC Connection String
CVSS 8.1
CVE-2024-55985 HIGH
ydesignservices YDS Support Ticket System <1.0 - SQL Injection
CVSS 8.5
CVE-2024-55984 HIGH
Saksh Escrow System <2.4 - SQL Injection
CVSS 8.5
CVE-2024-55983 HIGH
PowerFormBuilder <1.0.6 - SQL Injection
CVSS 8.5
CVE-2024-55975 HIGH
Rohit Urane Dr Affiliate <1.2.3 - SQL Injection
CVSS 8.5
CVE-2024-11912 HIGH
Travel Booking WordPress Theme <3.1.6 - Blind Time-Based SQL Injection
CVSS 7.5
CVE-2024-12025 HIGH
Collapsing Categories <3.0.8 - SQL Injection
CVSS 7.5
CVE-2024-55496 CRITICAL
1000projects Bookstore Management System 1.0 - SQL Injection via add_company.php Delete Parameter
CVSS 9.1
CVE-2024-8972 CRITICAL
Mobil365 Informatics Saha365 App <30.09.2024 - SQL Injection
CVSS 9.8
CVE-2024-55104 HIGH
Online Nurse Hiring System v1.0 - SQL Injection via Gender and Email Parameters
CVSS 7.2
CVE-2024-55103 HIGH
Online Nurse Hiring System v1.0 - SQL Injection via Fullname Parameter
CVSS 7.2
CVE-2024-54284 HIGH
SeedProd Pro <6.18.10 - SQL Injection
CVSS 7.6
CVE-2024-54283 HIGH
SeedProd Pro <6.18.10 - SQL Injection
CVSS 7.6
CVE-2024-54280 CRITICAL
Iqonic Design WPBookit <1.6.0 - SQL Injection
CVSS 9.3
CVE-2024-55990 HIGH
Mollie for Contact Form 7 <5.0.0 - SQL Injection
CVSS 7.6
CVE-2024-55989 HIGH
WP Simple Pay Lite Manager <1.4 - SQL Injection
CVSS 7.6
CVE-2024-55988 CRITICAL
Amol Nirmala Waman Navayan CSV Export <1.0.9 - SQL Injection
CVSS 9.3
CVE-2024-55987 HIGH
Advanced What should we write next about <n/a-1.0.3 - SQL Injection
CVSS 8.5
CVE-2024-55986 HIGH
Serviceonline <1.0.4 - SQL Injection
CVSS 8.5
CVE-2024-55982 CRITICAL
Richteam Share Buttons - SQL Injection
CVSS 9.3
CVE-2024-55981 CRITICAL
Nabz Image Gallery <v1.00 - SQL Injection
CVSS 9.3