CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
High likelihood
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,654 vulnerabilities with CWE-89
CVE-2024-43415
CRITICAL
decidim-decidim_awesome 0.9.1-0.10.2 and 0.11.0-0.11.1 - Authenticated SQL Injection in papertrail/version Model
CVSS 9.0
CVE-2024-11127
MEDIUM
Job Recruitment <= 1.0 - SQL Injection via admin.php userid Parameter
CVSS 6.3
CVE-2024-11124
MEDIUM
TimGeyssens UIOMatic 5 - SQL Injection in uioMaticObject.r
CVSS 4.7
CVE-2024-11121
MEDIUM
Lingdang CRM < 8.6.4.3 - SQL Injection via userid Parameter
CVSS 6.3
CVE-2024-11101
MEDIUM
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection via Searchdata Parameter
CVSS 4.7
CVE-2024-11100
HIGH
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection via /index.php name Parameter
CVSS 7.3
CVE-2024-11099
HIGH
Job Recruitment 1.0 - SQL Injection via Email Parameter in Login
CVSS 7.3
CVE-2024-11096
MEDIUM
code-projects Task Manager 1.0 - SQL Injection via projectName Parameter
CVSS 6.3
CVE-2024-44546
CRITICAL
Powerjob >= 3.2.0 - SQL Injection via Version Parameter
CVSS 9.8
CVE-2024-11077
HIGH
Job Recruitment 1.0 - SQL Injection via Email Parameter
CVSS 7.3
CVE-2024-11076
MEDIUM
Job Recruitment 1.0 - SQL Injection via e_hash Parameter in /activation.php
CVSS 6.3
CVE-2024-11074
MEDIUM
Tailoring Management System 1.0 - SQL Injection via inccat Parameter
CVSS 6.3
CVE-2024-50989
CRITICAL
PHPGurukul Online Marriage Registration System 1.0 - SQL Injection via searchdata Parameter
CVSS 9.8
CVE-2024-11020
CRITICAL
Grand Vice Webopac 6-6.5.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2024-11016
CRITICAL
Vice Webopac 6-6.5.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2024-51882
HIGH
Ehues Gboy Custom Google Map <1.2 - SQL Injection
CVSS 8.5
CVE-2024-51845
HIGH
Richteam Share Buttons - SQL Injection
CVSS 8.5
CVE-2024-51843
HIGH
Olland.Biz Horsemanager <1.3 - SQL Injection
CVSS 8.5
CVE-2024-51837
HIGH
SONS Creative Development WP Contest <1.0.0 - SQL Injection
CVSS 8.5
CVE-2024-51820
HIGH
L Squared Hub WP < 1.0 - SQL Injection
CVSS 8.5
CVE-2024-11060
MEDIUM
Jinher Network Collaborative Management Platform 1.0 - SQL Injection
CVSS 6.3
CVE-2024-11059
MEDIUM
Project Worlds Free Download Online Shopping System - SQL Injection via success.php id Parameter
CVSS 6.3
CVE-2024-11058
MEDIUM
CodeAstro Real Estate Management System <= 1.0 - SQL Injection via About Us Page id Parameter
CVSS 4.7
CVE-2024-11057
HIGH
Codezips Hospital Appointment System 1.0 - SQL Injection via /removeBranchResult.php ID/Name Parameter
CVSS 7.3
CVE-2024-11055
HIGH
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection via adminname Parameter
CVSS 7.3
Details
Vulnerabilities: 19,654
Exploit Likelihood: High