CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-52724 CRITICAL
ZZCMS 2023 - SQL Injection via /q/show.php
CVSS 9.8
CVE-2024-53364 MEDIUM
PHPGURUKUL Vehicle Parking Management System 1.13 - SQL Injection via viewid Parameter
CVSS 5.4
CVE-2024-46908 HIGH
WhatsUp Gold < 24.0.1 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-46907 HIGH
WhatsUp Gold < 24.0.1 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-46906 HIGH
WhatsUp Gold < 24.0.1 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-46905 HIGH
WhatsUp Gold < 24.0.1 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-53792 HIGH
Kiboko Labs Watu Quiz <3.4.2 - SQL Injection
CVSS 8.5
CVE-2024-12015 HIGH
WordPress Project Manager - Authenticated SQL Injection
CVSS 7.7
CVE-2024-12007 MEDIUM
code-projects Farmacia 1.0 - SQL Injection via /visualizar-produto.php id Parameter
CVSS 6.3
CVE-2024-53783 HIGH
Anzia Ni WooCommerce Cost Of Goods <3.2.8 - SQL Injection
CVSS 7.6
CVE-2024-11998 MEDIUM
Farmacia 1.0 - SQL Injection via /visualizer-forneccedor.chp id Parameter
CVSS 6.3
CVE-2024-53507 CRITICAL
Siyuan 3.1.11 - SQL Injection via /getHistoryItems
CVSS 9.8
CVE-2024-53506 CRITICAL
Siyuan 3.1.11 - SQL Injection via ids Array Parameter in /batchGetBlockAttrs
CVSS 9.8
CVE-2024-53505 CRITICAL
Siyuan 3.1.11 - SQL Injection via id Parameter at /getAssetContent
CVSS 9.8
CVE-2024-53504 CRITICAL
Siyuan 3.1.11 - SQL Injection via Notebook Parameter in Search History
CVSS 9.8
CVE-2024-11970 HIGH
Concert Ticket Ordering System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11968 MEDIUM
code-projects Farmacia <1.0 - SQL Injection
CVSS 6.3
CVE-2024-11967 HIGH
PHPGurukul Complaint Management 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11966 HIGH
PHPGurukul Complaint Management 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11965 HIGH
PHPGurukul Complaint Management 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11964 HIGH
PHPGurukul Complaint Management 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11963 MEDIUM
code-projects Responsive Hotel Site 1.0 - SQL Injection
CVSS 6.3
CVE-2024-11962 HIGH
Simple Car Rental System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8308 MEDIUM
Web Application <version> - SQL Injection
CVSS 6.5
CVE-2024-52495 HIGH
Eniture Technology Distance Based Shipping Calculator <2.0.21 - SQL...
CVSS 8.5