CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-55980 CRITICAL
Webriderz Wr Age Verification <2.0.0 - SQL Injection
CVSS 9.3
CVE-2024-55979 HIGH
Webriderz Wr Age Verification <2.0.0 - SQL Injection
CVSS 8.5
CVE-2024-55978 CRITICAL
WalletStation.com Code Generator Pro - SQL Injection
CVSS 9.3
CVE-2024-55977 CRITICAL
LaunchPage.app Importer <1.1 - SQL Injection
CVSS 9.3
CVE-2024-55976 CRITICAL
Mike Leembruggen Critical Site Intel <1.0 - SQL Injection
CVSS 9.3
CVE-2024-55974 HIGH
AMS Nexe Iberica Mimoos <1.2 - SQL Injection
CVSS 8.5
CVE-2024-55973 HIGH
Ryan Nystrom TSB Occasion Editor <1.2.1 - SQL Injection
CVSS 8.5
CVE-2024-55972 CRITICAL
eTemplates <= 0.2.1 - SQL Injection
CVSS 9.3
CVE-2024-54361 CRITICAL
outstrip Instant Appointment <1.2 - SQL Injection
CVSS 9.3
CVE-2024-9678 MEDIUM
DLP Extension <11.11.1.3 - SQL Injection
CVSS 4.9
CVE-2024-31892 HIGH
IBM Storage Scale GUI <5.2.1.1 - Privilege Escalation
CVSS 7.5
CVE-2024-11714 MEDIUM
WP Job Portal <2.2.2 - SQL Injection
CVSS 4.9
CVE-2024-11713 MEDIUM
WP Job Portal < 2.2.3 - Authenticated SQL Injection via page_id Parameter
CVSS 4.9
CVE-2024-11711 HIGH
WP Job Portal <2.2.1 - SQL Injection
CVSS 7.5
CVE-2024-11710 MEDIUM
WP Job Portal < 2.2.3 - Authenticated SQL Injection via fieldfor, visibleParent, and id Parameters
CVSS 4.9
CVE-2024-54304 HIGH
Hive Support - WordPress Help Desk <1.1.2 - SQL Injection
CVSS 8.5
CVE-2024-54292 CRITICAL
Appsplate <= 2.1.3 - SQL Injection
CVSS 9.3
CVE-2024-54261 CRITICAL
HK Digital Agency LLC TAX SERVICE Electronic HDM - SQL Injection
CVSS 10.0
CVE-2024-54258 HIGH
anza Ni CRM Lead <1.3.0 - SQL Injection
CVSS 8.5
CVE-2024-54234 CRITICAL
wp-buy Limit Login Attempts <5.5 - SQL Injection
CVSS 9.3
CVE-2024-52057 CRITICAL
RTI Connext Professional - SQL Injection
CVSS 9.8
CVE-2024-11837 CRITICAL
PlexTrac 1.61.3-2.8.1 - N1QL Injection
CVSS 9.8
CVE-2024-54811 CRITICAL
PHPGurukul Park Ticketing Management System 1.0 - SQL Injection via Login Parameter
CVSS 9.8
CVE-2024-54810 CRITICAL
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via mobileno Parameter
CVSS 9.8
CVE-2024-55099 CRITICAL
phpgurukul Online Nurse Hiring System v1.0 - SQL Injection via Username Parameter
CVSS 9.8