CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,654 vulnerabilities with CWE-89
CVE-2024-50832
HIGH
kashipara E-learning Management System Project 1.0 - SQL Injection via class_name Parameter
CVSS 7.2
CVE-2024-11213
MEDIUM
Best Employee Management System 1.0 - SQL Injection via /admin/edit_role.php id Parameter
CVSS 4.7
CVE-2024-11212
MEDIUM
Best Employee Management System 1.0 - SQL Injection via Barcode Parameter
CVSS 6.3
CVE-2024-9186
HIGH
funnelkit_automations < 3.3.0 - Unauthenticated SQL Injection via bwfan-track-id Parameter
CVSS 8.6
CVE-2024-45876
MEDIUM
baltic-it TOPqw Webportal v1.35.283.2 - SQL Injection
CVSS 6.5
CVE-2024-45875
MEDIUM
baltic-it TOPqw Webportal <1.35.291 - SQL Injection
CVSS 5.4
CVE-2024-39368
HIGH
Intel(R) Neural Compressor <v3.0 - SQL Injection
CVSS 8.0
CVE-2024-40443
MEDIUM
Simple Laboratory Management System 1.0 - SQL Injection
CVSS 4.3
CVE-2024-50972
HIGH
Itsourcecode Construction Management System 1.0 - SQL Injection via borrow_id Parameter
CVSS 7.2
CVE-2024-50971
HIGH
Itsourcecode Construction Management System 1.0 - SQL Injection via print.php map_id Parameter
CVSS 7.2
CVE-2024-50970
HIGH
online_furniture_shopping_project 1.0 - SQL Injection via orderview1.php id Parameter
CVSS 8.8
CVE-2024-37376
HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34784
HIGH
Ivanti Endpoint Manager < 2022 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34782
HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34781
HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34780
HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32847
HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32844
HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32841
HIGH
Ivanti Endpoint Manager SQL Injection (Auth Required)
CVSS 7.2
CVE-2024-32839
HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-50330
CRITICAL
Ivanti Endpoint Manager SQL Injection (Unauthenticated)
CVSS 9.8
CVE-2024-50328
HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-50327
HIGH
Ivanti Endpoint Manager SQL Injection (Auth Required)
CVSS 7.2
CVE-2024-50326
HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-50323
HIGH
Ivanti Endpoint Manager SQL Injection (Unauthenticated)
CVSS 7.8
Details
Vulnerabilities
19,654
Exploit Likelihood
High