CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,654 vulnerabilities with CWE-89
CVE-2024-53815
HIGH
PINPOINT.WORLD Pinpoint Booking System <2.9.9.5.1 - SQL Injection
CVSS 8.5
CVE-2024-53808
HIGH
Basix NEX-Forms <= 8.7.8 - SQL Injection
CVSS 8.5
CVE-2024-53807
HIGH
brandtoss WP Mailster <1.8.16.0 - SQL Injection
CVSS 8.5
CVE-2024-52335
CRITICAL
syngo.plaza VB30E < VB30E_HF05 - SQL Injection
CVSS 9.8
CVE-2024-51615
CRITICAL
Owen Cutajar & Hyder Jaffari WordPress Auction Plugin <3.7 - SQL In...
CVSS 9.3
CVE-2024-53908
CRITICAL
Django <5.1.4, 5.0 <5.0.10, 4.2 <4.2.17 - SQL Injection
CVSS 9.8
CVE-2024-11730
MEDIUM
KiviCare - Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated SQL Injection via sort[] Parameter
CVSS 6.5
CVE-2024-11729
MEDIUM
KiviCare <= 3.6.4 - Authenticated SQL Injection via get_widget_payment_options
CVSS 6.5
CVE-2024-11728
HIGH
KiviCare <= 3.6.4 - Unauthenticated SQL Injection via tax_calculated_data
CVSS 7.5
CVE-2024-11460
HIGH
Verowa Connect <3.0.1 - SQL Injection
CVSS 7.5
CVE-2024-10247
HIGH
Video Gallery WordPress Plugin <= 2.4.2 - Authenticated SQL Injection via orderby
CVSS 7.2
CVE-2024-41579
CRITICAL
DTStack Taier 1.4.0 - SQL Injection
CVSS 9.8
CVE-2024-12234
HIGH
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection via /admin/edit-customer-detailed.php Name Parameter
CVSS 7.3
CVE-2024-12231
HIGH
CodeZips Project Management System 1.0 - SQL Injection via Email Parameter
CVSS 7.3
CVE-2024-12230
HIGH
PHPGurukul Complaint Management System 1.0 - SQL Injection via Subcategory Category Parameter
CVSS 7.3
CVE-2024-12229
HIGH
PHPGurukul Complaint Management System 1.0 - SQL Injection via search Parameter in complaint-search.php
CVSS 7.3
CVE-2024-12228
HIGH
PHPGurukul Complaint Management System 1.0 - SQL Injection via User Search Parameter
CVSS 7.3
CVE-2024-48843
HIGH
ABB ASPECT/NEXUS/MATRIX Firmware < 3.08.03 - Denial of Service
CVSS 7.7
CVE-2024-12188
HIGH
1000 Projects Library Management System 1.0 - SQL Injection via stu.php useri Parameter
CVSS 7.3
CVE-2024-12187
HIGH
1000 Projects Library Management System 1.0 - SQL Injection via showbook.php q Parameter
CVSS 7.3
CVE-2024-54221
CRITICAL
Roninwp FAT Services Booking <5.6 - SQL Injection
CVSS 9.3
CVE-2024-53502
LOW
semcms v4.8 - SQL Injection in SEMCMS_SeoAndTag.php
CVSS 3.8
CVE-2024-45757
HIGH
Centreon centreon-bam <24.04 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-11732
MEDIUM
BP Profile Shortcodes Extra <2.6.0 - SQL Injection
CVSS 6.5
CVE-2024-53900
CRITICAL
mongoosejs/mongoose < 6.13.5 and >=8.0.0-rc0 <8.8.3 - Search Injection via $where in Match
CVSS 9.1
Details
Vulnerabilities: 19,654
Exploit Likelihood: High