CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-7837 HIGH
Firmanet Software ERP <22.11.2024 - SQL Injection
CVSS 8.2
CVE-2024-49588 MEDIUM
Oracle Sidecar <0.543.0 - SQL Injection
CVSS 6.8
CVE-2024-11592 HIGH
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-7026 HIGH
Teknogis Informatics Closed Circuit Vehicle Tracking Software <21.1...
CVSS 7.5
CVE-2024-11591 HIGH
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11590 HIGH
1000 Projects Bookstore Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-11589 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-9828 MEDIUM
Taskbuilder < 3.0.5 - Authenticated SQL Injection via load_orders Parameter
CVSS 4.1
CVE-2024-10400 HIGH
Tutor LMS < 2.7.6 - Unauthenticated SQL Injection via Rating Filter Parameter
CVSS 7.5
CVE-2024-52725 MEDIUM
SemCms v4.8 - SQL Injection via ldgid Parameter in SEMCMS_SeoAndTag.php
CVSS 4.9
CVE-2024-11487 MEDIUM
Code4Berry Decoration Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-11179 MEDIUM
MStore API < 4.15.7 - Authenticated SQL Injection via status_type Parameter
CVSS 6.5
CVE-2024-52360 HIGH
IBM Concert Software <1.0.3 - SQL Injection
CVSS 7.6
CVE-2024-48072 CRITICAL
Weaver e-cology v9.* - SQL Injection via MECAction Component
CVSS 9.8
CVE-2024-52675 CRITICAL
SourceCodester Sentiment Based Movie Rating System 1.0 - SQL Injection in movies.php
CVSS 9.8
CVE-2024-44756 CRITICAL
NUS-M9 ERP Mgmt SW v3.0.0 - SQL Injection
CVSS 9.8
CVE-2024-52436 HIGH
Post SMTP < 2.9.9 - Blind SQL Injection
CVSS 7.6
CVE-2024-52435 HIGH
WPDM - Premium Packages <= 6.0.5 - SQL Injection
CVSS 7.6
CVE-2024-52431 CRITICAL
WordPress Video Robot - The Ultimate Video Importer < 1.20.0 - SQL Injection
CVSS 9.3
CVE-2024-3370 HIGH
Egebilgi Software Website Template <29.04.2024 - SQL Injection
CVSS 8.6
CVE-2024-49574 HIGH
Zohocorp ManageEngine ADAudit Plus <8123 - SQL Injection
CVSS 8.3
CVE-2024-11305 MEDIUM
Altenergy Power Control Software <20241108 - SQL Injection
CVSS 6.3
CVE-2024-9887 HIGH
WP as SAML IDP <1.15.6 - SQL Injection
CVSS 7.2
CVE-2024-10645 HIGH
Blogger 301 Redirect <2.5.3 - SQL Injection
CVSS 7.5
CVE-2024-11258 HIGH
1000projects Beauty Parlour Management System 1.0 - SQL Injection via Username Parameter
CVSS 7.3