CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,654 vulnerabilities with CWE-89
CVE-2024-54934
CRITICAL
Kashipara E-learning Management System 1.0 - SQL Injection via /admin/delete_class.php
CVSS 9.8
CVE-2024-54932
CRITICAL
Kashipara E-learning Management System v1.0 - SQL Injection via delete_department.php
CVSS 9.8
CVE-2024-54931
CRITICAL
kashipara E-learning Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-54928
HIGH
kashipara E-learning Management System 1.0 - SQL Injection via /admin/delete_teacher.php
CVSS 7.2
CVE-2024-54927
HIGH
Kashipara E-learning Management System v1.0 - SQL Injection via /admin/delete_users.php
CVSS 7.2
CVE-2024-54925
CRITICAL
kashipara E-learning Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-54924
CRITICAL
kashipara E-learning Management System 1.0 - SQL Injection via edit_content.php title and content parameters
CVSS 9.8
CVE-2024-54923
CRITICAL
kashipara E-learning Management System 1.0 - SQL Injection via Department Parameter
CVSS 9.8
CVE-2024-54921
CRITICAL
kashipara E-learning Management System 1.0 - SQL Injection via Student Signup Parameters
CVSS 9.8
CVE-2024-54933
HIGH
Kashipara E-learning Management System 1.0 - SQL Injection via /admin/delete_content.php
CVSS 7.2
CVE-2024-54930
HIGH
Kashipara E-learning Management System v1.0 - SQL Injection via /admin/delete_student.php
CVSS 7.2
CVE-2024-54922
HIGH
kashipara E-learning Management System v1.0 - SQL Injection via edit_user.php Parameters
CVSS 7.2
CVE-2024-54926
HIGH
kashipara E-learning Management System v1.0 - SQL Injection via school_year Parameter
CVSS 8.8
CVE-2024-54920
CRITICAL
kashipara E-learning Management System 1.0 - SQL Injection via Teacher Signup Parameters
CVSS 9.8
CVE-2024-8259
CRITICAL
Eryaz NatraCar <09.12.2024 - SQL Injection
CVSS 9.8
CVE-2024-54929
HIGH
KASHIPARA E-learning Management System 1.0 - SQL Injection via delete_subject.php
CVSS 7.2
CVE-2024-53947
CRITICAL
Apache Superset <4.1.0 - SQL Injection
CVSS 9.8
CVE-2024-54215
CRITICAL
Roninwp Revy <= 1.18 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-12360
MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via class_update.php id Parameter
CVSS 6.3
CVE-2024-12351
MEDIUM
JFinalCMS 1.0 - SQL Injection via ContentModel findPage Function
CVSS 6.3
CVE-2024-12270
HIGH
Beautiful taxonomy filters plugin <2.4.3 - SQL Injection
CVSS 7.5
CVE-2024-8679
MEDIUM
Library Management System - Manage e-Digital Books Library <3.0.0 -...
CVSS 6.8
CVE-2024-50389
CRITICAL
QuRouter < 2.4.5.032 - SQL Injection
CVSS 9.8
CVE-2024-50387
CRITICAL
QNAP SMB Service - SQL Injection
CVSS 9.8
CVE-2024-53817
HIGH
Acowebs Product Labels For Woocommerce <1.5.8 - SQL Injection
CVSS 7.6
Details
Vulnerabilities: 19,654
Exploit Likelihood: High