CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE-2024-50832 HIGH
kashipara E-learning Management System Project 1.0 - SQL Injection via class_name Parameter
CVSS 7.2
CVE-2024-11213 MEDIUM
Best Employee Management System 1.0 - SQL Injection via /admin/edit_role.php id Parameter
CVSS 4.7
CVE-2024-11212 MEDIUM
Best Employee Management System 1.0 - SQL Injection via Barcode Parameter
CVSS 6.3
CVE-2024-9186 HIGH
funnelkit_automations < 3.3.0 - Unauthenticated SQL Injection via bwfan-track-id Parameter
CVSS 8.6
CVE-2024-45876 MEDIUM
baltic-it TOPqw Webportal v1.35.283.2 - SQL Injection
CVSS 6.5
CVE-2024-45875 MEDIUM
baltic-it TOPqw Webportal <1.35.291 - SQL Injection
CVSS 5.4
CVE-2024-39368 HIGH
Intel(R) Neural Compressor <v3.0 - SQL Injection
CVSS 8.0
CVE-2024-40443 MEDIUM
Simple Laboratory Management System 1.0 - SQL Injection
CVSS 4.3
CVE-2024-50972 HIGH
Itsourcecode Construction Management System 1.0 - SQL Injection via borrow_id Parameter
CVSS 7.2
CVE-2024-50971 HIGH
Itsourcecode Construction Management System 1.0 - SQL Injection via print.php map_id Parameter
CVSS 7.2
CVE-2024-50970 HIGH
online_furniture_shopping_project 1.0 - SQL Injection via orderview1.php id Parameter
CVSS 8.8
CVE-2024-37376 HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34784 HIGH
Ivanti Endpoint Manager < 2022 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34782 HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34781 HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34780 HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32847 HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32844 HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32841 HIGH
Ivanti Endpoint Manager SQL Injection (Auth Required)
CVSS 7.2
CVE-2024-32839 HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-50330 CRITICAL
Ivanti Endpoint Manager SQL Injection (Unauthenticated)
CVSS 9.8
CVE-2024-50328 HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-50327 HIGH
Ivanti Endpoint Manager SQL Injection (Auth Required)
CVSS 7.2
CVE-2024-50326 HIGH
Ivanti Endpoint Manager < 2022 SU6 November Security Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-50323 HIGH
Ivanti Endpoint Manager SQL Injection (Unauthenticated)
CVSS 7.8