CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,654 vulnerabilities with CWE-89
CVE-2024-54842
CRITICAL
phpgurukul Online Nurse Hiring System v1.0 - SQL Injection via Mobileno Parameter
CVSS 9.8
CVE-2024-50584
MEDIUM
Scan2Net < 7.42 - Authenticated SQL Injection via Templates Parameter
CVSS 4.4
CVE-2024-28145
MEDIUM
Scan2Net < 7.40 - Unauthenticated SQL Injection via GET Parameters
CVSS 5.9
CVE-2024-10499
HIGH
AI Engine WordPress Plugin < 2.6.5 - Authenticated SQL Injection via REST API Parameter
CVSS 7.2
CVE-2024-12406
MEDIUM
Library Management System - Manage e-Digital Books Library <3.0.0 -...
CVSS 6.5
CVE-2024-11430
MEDIUM
SQL Chart Builder plugin <2.3.6 - SQL Injection
CVSS 6.5
CVE-2024-12497
HIGH
1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via admin_user_name Parameter
CVSS 7.3
CVE-2024-12492
MEDIUM
code-projects Farmacia 1.0 - SQL Injection via /visualizar-usuario.php id Parameter
CVSS 6.3
CVE-2024-12490
MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via Teacher Save Page
CVSS 6.3
CVE-2024-12489
MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via term.php id Parameter
CVSS 6.3
CVE-2024-12488
MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via subject_update.php id Parameter
CVSS 6.3
CVE-2024-12487
MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via /pages/room_update.php id Parameter
CVSS 6.3
CVE-2024-12486
MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via rank_update.php id Parameter
CVSS 6.3
CVE-2024-12485
MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via Department ID Parameter
CVSS 6.3
CVE-2024-12484
HIGH
Codezips Technical Discussion Forum 1.0 - SQL Injection via Username Parameter in signuppost.php
CVSS 7.3
CVE-2024-12481
MEDIUM
cjbi wetech-cms 1.0/1.1/1.2 - SQL Injection via UserDao.findUser
CVSS 6.3
CVE-2024-12480
MEDIUM
cjbi wetech-cms 1.0/1.1/1.2 - SQL Injection via TopicDao searchTopic Function
CVSS 6.3
CVE-2024-12479
MEDIUM
cjbi wetech-cms 1.0/1.1/1.2 - SQL Injection via searchTopicByKeyword Function
CVSS 6.3
CVE-2024-53480
CRITICAL
Phpgurukul Beauty Parlour Management System 1.1 - SQL Injection via login.php emailcont Parameter
CVSS 9.8
CVE-2024-51165
HIGH
ketr jepaas 7.2.8 - SQL Injection via dateVal Parameter
CVSS 7.5
CVE-2024-11773
CRITICAL
Ivanti Cloud Services Appliance < 5.0.3 - Authenticated SQL Injection in Admin Web Console
CVSS 9.1
CVE-2024-55586
CRITICAL
Nette Database through 3.2.4 - SQL Injection via Untrusted Filter in where Method
CVSS 9.8
CVE-2024-52538
HIGH
Dell Avamar < 19.12 - Authenticated SQL Injection
CVSS 7.6
CVE-2024-47977
HIGH
Dell Avamar < 19.12 - Authenticated SQL Injection
CVSS 7.1
CVE-2024-47484
HIGH
Dell Avamar <19.12-19.10SP1 - SQL Injection
CVSS 8.2
Details
Vulnerabilities: 19,654
Exploit Likelihood: High