CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-54934 CRITICAL
Kashipara E-learning Management System 1.0 - SQL Injection via /admin/delete_class.php
CVSS 9.8
CVE-2024-54932 CRITICAL
Kashipara E-learning Management System v1.0 - SQL Injection via delete_department.php
CVSS 9.8
CVE-2024-54931 CRITICAL
kashipara E-learning Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-54928 HIGH
kashipara E-learning Management System 1.0 - SQL Injection via /admin/delete_teacher.php
CVSS 7.2
CVE-2024-54927 HIGH
Kashipara E-learning Management System v1.0 - SQL Injection via /admin/delete_users.php
CVSS 7.2
CVE-2024-54925 CRITICAL
kashipara E-learning Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-54924 CRITICAL
kashipara E-learning Management System 1.0 - SQL Injection via edit_content.php title and content parameters
CVSS 9.8
CVE-2024-54923 CRITICAL
kashipara E-learning Management System 1.0 - SQL Injection via Department Parameter
CVSS 9.8
CVE-2024-54921 CRITICAL
kashipara E-learning Management System 1.0 - SQL Injection via Student Signup Parameters
CVSS 9.8
CVE-2024-54933 HIGH
Kashipara E-learning Management System 1.0 - SQL Injection via /admin/delete_content.php
CVSS 7.2
CVE-2024-54930 HIGH
Kashipara E-learning Management System v1.0 - SQL Injection via /admin/delete_student.php
CVSS 7.2
CVE-2024-54922 HIGH
kashipara E-learning Management System v1.0 - SQL Injection via edit_user.php Parameters
CVSS 7.2
CVE-2024-54926 HIGH
kashipara E-learning Management System v1.0 - SQL Injection via school_year Parameter
CVSS 8.8
CVE-2024-54920 CRITICAL
kashipara E-learning Management System 1.0 - SQL Injection via Teacher Signup Parameters
CVSS 9.8
CVE-2024-8259 CRITICAL
Eryaz NatraCar <09.12.2024 - SQL Injection
CVSS 9.8
CVE-2024-54929 HIGH
KASHIPARA E-learning Management System 1.0 - SQL Injection via delete_subject.php
CVSS 7.2
CVE-2024-53947 CRITICAL
Apache Superset <4.1.0 - SQL Injection
CVSS 9.8
CVE-2024-54215 CRITICAL
Roninwp Revy <= 1.18 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-12360 MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via class_update.php id Parameter
CVSS 6.3
CVE-2024-12351 MEDIUM
JFinalCMS 1.0 - SQL Injection via ContentModel findPage Function
CVSS 6.3
CVE-2024-12270 HIGH
Beautiful taxonomy filters plugin <2.4.3 - SQL Injection
CVSS 7.5
CVE-2024-8679 MEDIUM
Library Management System - Manage e-Digital Books Library <3.0.0 -...
CVSS 6.8
CVE-2024-50389 CRITICAL
QuRouter < 2.4.5.032 - SQL Injection
CVSS 9.8
CVE-2024-50387 CRITICAL
QNAP SMB Service - SQL Injection
CVSS 9.8
CVE-2024-53817 HIGH
Acowebs Product Labels For Woocommerce <1.5.8 - SQL Injection
CVSS 7.6