CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-52474 CRITICAL
Express Payments Module <1.1.8 - SQL Injection
CVSS 9.3
CVE-2024-53603 HIGH
PHPGurukul COVID 19 Testing Management System 1.0 - SQL Injection via Contact Number Parameter
CVSS 7.3
CVE-2024-42327 CRITICAL
Zabbix 6.0.0-6.0.32 - Authenticated SQL Injection via CUser.addRelatedObjects
CVSS 9.9
CVE-2024-11009 MEDIUM
WordPress Auto internal links <1.2.1 - SQL Injection
CVSS 4.9
CVE-2024-11025 MEDIUM
SMA Sunny Central Storage < 10.01.18.R - Authenticated SQL Injection via Administration Panel
CVSS 5.4
CVE-2024-11819 HIGH
1000 Projects Portfolio Management System MCA 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11818 HIGH
PHPGurukul User Registration & Login and User Management System 1.0 - SQL Injection via Email Parameter in Signup
CVSS 7.3
CVE-2024-11817 HIGH
PHPGurukul User Registration & Login and User Management System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2024-50942 CRITICAL
qiwen-file 1.4.0 - SQL Injection via NoticeMapper.xml
CVSS 9.8
CVE-2024-11744 HIGH
1000 Projects Portfolio Management System MCA 1.0 - SQL Injection
CVSS 7.3
CVE-2024-10570 HIGH
CleanTalk plugin <2.145 - SQL Injection
CVSS 7.5
CVE-2024-53597 MEDIUM
masterstack_imgcap <0.0.1 - SQL Injection
CVSS 6.3
CVE-2024-50672 CRITICAL
Adapt Learning Adapt Authoring Tool <= 0.11.3 - SQL Injection
CVSS 9.8
CVE-2024-45756 HIGH
Centreon centreon-open-tickets <24.10.0 - SQL Injection
CVSS 7.2
CVE-2024-45755 HIGH
Centreon centreon-dsm-server <24.10.0, <24.04.3, <23.10.1, <23.04.3...
CVSS 7.2
CVE-2024-11663 HIGH
Codezips E-Commerce Site 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11649 HIGH
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11648 HIGH
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11647 HIGH
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11646 HIGH
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11632 HIGH
Simple Car Rental System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11631 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8355 MEDIUM
Visteon Infotainment System - SQL Injection
CVSS 6.8
CVE-2024-53438 CRITICAL
ChurchCRM 5.7.0 - SQL Injection via Event Parameter
CVSS 9.8
CVE-2024-7882 MEDIUM
Special Minds Design and Software e-Commerce <22.11.2024 - SQL Inje...
CVSS 6.5