CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,654 vulnerabilities with CWE-89
CVE-2024-11051
MEDIUM
Amttgroup Hibos < 3.0.3.151204 - Injection
CVSS 6.3
CVE-2024-51608
HIGH
Pluginhandy AmaDiscount <1.0 - SQL Injection
CVSS 8.5
CVE-2024-51606
HIGH
Blrt Blrt WP Embed <1.6.9 - SQL Injection
CVSS 8.5
CVE-2024-51623
HIGH
Mehrdad Farahani WP EIS <1.3.3 - SQL Injection
CVSS 8.5
CVE-2024-50544
HIGH
Micah Blu RSVP ME <1.9.9 - SQL Injection
CVSS 8.5
CVE-2024-50539
HIGH
Lodgix.Com Vacation Rental Website Builder <3.9.73 - SQL Injection
CVSS 8.5
CVE-2024-50524
HIGH
quyle91 Administrator Z - SQL Injection
CVSS 8.5
CVE-2024-51625
HIGH
EDC Team Quran Shortcode <1.5 - SQL Injection
CVSS 8.5
CVE-2024-51621
HIGH
Reza Sh Download-Mirror-Counter <1.1 - SQL Injection
CVSS 8.5
CVE-2024-51620
HIGH
Porsline <= 1.0.2 - Blind SQL Injection
CVSS 8.5
CVE-2024-51619
HIGH
Market360.Co Market 360 Viewer - SQL Injection
CVSS 8.5
CVE-2024-51607
HIGH
Buddy Lindsey Golf Tracker <0.8 - SQL Injection
CVSS 8.5
CVE-2024-51602
HIGH
Oleksandr Ustymenko Simple Job Manager <1.1 - SQL Injection
CVSS 8.5
CVE-2024-51601
HIGH
Maksym Marko Website <4.1 - SQL Injection
CVSS 8.5
CVE-2024-51579
HIGH
Saleswonder.Biz 5 Stars Rating Funnel <1.4.01 - SQL Injection
CVSS 8.5
CVE-2024-51570
HIGH
Odihost Easy Gallery <1.4 - SQL Injection
CVSS 8.5
CVE-2024-9874
MEDIUM
Poll Maker < 5.4.6 - Authenticated Time-Based SQL Injection via Orderby Parameter
CVSS 4.9
CVE-2024-51211
CRITICAL
OS4ED openSIS-Classic 9.1 - SQL Injection via resetuserinfo.php $username_stn_id Parameter
CVSS 9.8
CVE-2024-51030
MEDIUM
Sourcecodester Cab Management System 1.0 - SQL Injection via id Parameter
CVSS 6.5
CVE-2024-10998
HIGH
Bookstore Management System 1.0 - SQL Injection via cat Parameter in process_category_add.php
CVSS 7.3
CVE-2024-10997
MEDIUM
Bookstore Management System 1.0 - SQL Injection via /book_list.php id Parameter
CVSS 6.3
CVE-2024-10996
HIGH
Bookstore Management System 1.0 - SQL Injection via cat Parameter in process_category_edit.php
CVSS 7.3
CVE-2024-10995
HIGH
Codezips Hospital Appointment System 1.0 - SQL Injection via /removeDoctorResult.php Name Parameter
CVSS 7.3
CVE-2024-10991
HIGH
Codezips Hospital Appointment System 1.0 - SQL Injection via /editBranchResult.php ID Parameter
CVSS 7.3
CVE-2024-10990
MEDIUM
SourceCodester Online Veterinary Appointment System 1.0 - SQL Injection via view_service.php id Parameter
CVSS 6.3
Details
Vulnerabilities: 19,654
Exploit Likelihood: High