CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-11257 HIGH
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection via Forgot Password Email Parameter
CVSS 7.3
CVE-2024-11256 HIGH
1000 Projects Portfolio Management System MCA 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2024-45608 MEDIUM
GLPI 9.5.0-10.0.16 - Authenticated SQL Injection via Preferences
CVSS 6.5
CVE-2024-41679 MEDIUM
GLPI 10.0.0-10.0.16 - Authenticated SQL Injection via Ticket Form
CVSS 6.5
CVE-2024-40638 HIGH
GLPI 0.85-10.0.16 - Authenticated SQL Injection
CVSS 8.1
CVE-2024-11251 MEDIUM
Jeewms < 2024-11-08 - SQL Injection via cgReportController.do begin_date Parameter
CVSS 6.3
CVE-2024-11250 MEDIUM
code-projects Inventory Management <= 1.0 - SQL Injection via /model/editProduct.php id Parameter
CVSS 6.3
CVE-2024-51164 CRITICAL
JEPaaS 7.2.8 - SQL Injection via /je/login/btnLog/insertBtnLog
CVSS 9.1
CVE-2024-50724 CRITICAL
KASO v9.0 - SQL Injection via person_id Parameter
CVSS 9.8
CVE-2024-11245 MEDIUM
code-projects Farmacia 1.0 - SQL Injection via /editar-produto.php id Parameter
CVSS 6.3
CVE-2024-11244 MEDIUM
code-projects Farmacia 1.0 - SQL Injection via /editar-cliente.php id Parameter
CVSS 6.3
CVE-2024-11242 MEDIUM
ZZCMS 2023 - SQL Injection via Keyword Filtering in /admin/ad_list.php
CVSS 4.7
CVE-2024-11241 HIGH
Job Recruitment 1.0 - SQL Injection via reset.php e Parameter
CVSS 7.3
CVE-2024-50831 HIGH
kashipara E-learning Management System Project 1.0 - SQL Injection via Username and Password Parameters
CVSS 7.2
CVE-2024-50830 HIGH
kashipara E-learning Management System Project 1.0 - SQL Injection via date_start, date_end, and title Parameters
CVSS 7.2
CVE-2024-50829 HIGH
kashipara E-learning Management System Project 1.0 - SQL Injection via unit Parameter
CVSS 7.2
CVE-2024-50828 HIGH
kashipara E-learning Management System Project 1.0 - SQL Injection via edit_department.php d Parameter
CVSS 7.2
CVE-2024-50827 HIGH
kashipara E-learning Management System Project 1.0 - SQL Injection via subject_code Parameter
CVSS 7.2
CVE-2024-50826 HIGH
kashipara E-learning Management System Project 1.0 - SQL Injection via Title and Content Parameters
CVSS 7.2
CVE-2024-50825 HIGH
kashipara E-learning Management System Project 1.0 - SQL Injection via school_year Parameter
CVSS 7.2
CVE-2024-50824 HIGH
kashipara E-learning Management System Project 1.0 - SQL Injection via class_name Parameter
CVSS 7.2
CVE-2024-50823 CRITICAL
kashipara E-learning Management System Project 1.0 - SQL Injection via Username and Password Parameters
CVSS 9.8
CVE-2024-50835 HIGH
KASHIPARA E-learning Management System Project 1.0 - SQL Injection via edit_student.php Parameters
CVSS 7.2
CVE-2024-50834 HIGH
KASHIPARA E-learning Management System Project 1.0 - SQL Injection via Teacher Firstname and Lastname Parameters
CVSS 7.2
CVE-2024-50833 CRITICAL
KASHIPARA E-learning Management System Project 1.0 - SQL Injection via Login Page Parameters
CVSS 9.8