CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,654 vulnerabilities with CWE-89
CVE ID | Severity | CVSS | Title
CVE-2024-11051 | MEDIUM | 6.3 | Amttgroup Hibos < 3.0.3.151204 - Injection
CVE-2024-51608 | HIGH | 8.5 | Pluginhandy AmaDiscount <1.0 - SQL Injection
CVE-2024-51606 | HIGH | 8.5 | Blrt Blrt WP Embed <1.6.9 - SQL Injection
CVE-2024-51623 | HIGH | 8.5 | Mehrdad Farahani WP EIS <1.3.3 - SQL Injection
CVE-2024-50544 | HIGH | 8.5 | Micah Blu RSVP ME <1.9.9 - SQL Injection
CVE-2024-50539 | HIGH | 8.5 | Lodgix.Com Vacation Rental Website Builder <3.9.73 - SQL Injection
CVE-2024-50524 | HIGH | 8.5 | quyle91 Administrator Z - SQL Injection
CVE-2024-51625 | HIGH | 8.5 | EDC Team Quran Shortcode <1.5 - SQL Injection
CVE-2024-51621 | HIGH | 8.5 | Reza Sh Download-Mirror-Counter <1.1 - SQL Injection
CVE-2024-51620 | HIGH | 8.5 | Porsline <= 1.0.2 - Blind SQL Injection
CVE-2024-51619 | HIGH | 8.5 | Market360.Co Market 360 Viewer - SQL Injection
CVE-2024-51607 | HIGH | 8.5 | Buddy Lindsey Golf Tracker <0.8 - SQL Injection
CVE-2024-51602 | HIGH | 8.5 | Oleksandr Ustymenko Simple Job Manager <1.1 - SQL Injection
CVE-2024-51601 | HIGH | 8.5 | Maksym Marko Website <4.1 - SQL Injection
CVE-2024-51579 | HIGH | 8.5 | Saleswonder.Biz 5 Stars Rating Funnel <1.4.01 - SQL Injection
CVE-2024-51570 | HIGH | 8.5 | Odihost Easy Gallery <1.4 - SQL Injection
CVE-2024-9874 | MEDIUM | 4.9 | Poll Maker < 5.4.6 - Authenticated Time-Based SQL Injection via Orderby Parameter
CVE-2024-51211 | CRITICAL | 9.8 | OS4ED openSIS-Classic 9.1 - SQL Injection via resetuserinfo.php $username_stn_id Parameter
CVE-2024-51030 | MEDIUM | 6.5 | Sourcecodester Cab Management System 1.0 - SQL Injection via id Parameter
CVE-2024-10998 | HIGH | 7.3 | Bookstore Management System 1.0 - SQL Injection via cat Parameter in process_category_add.php
CVE-2024-10997 | MEDIUM | 6.3 | Bookstore Management System 1.0 - SQL Injection via /book_list.php id Parameter
CVE-2024-10996 | HIGH | 7.3 | Bookstore Management System 1.0 - SQL Injection via cat Parameter in process_category_edit.php
CVE-2024-10995 | HIGH | 7.3 | Codezips Hospital Appointment System 1.0 - SQL Injection via /removeDoctorResult.php Name Parameter
CVE-2024-10991 | HIGH | 7.3 | Codezips Hospital Appointment System 1.0 - SQL Injection via /editBranchResult.php ID Parameter
CVE-2024-10990 | MEDIUM | 6.3 | SourceCodester Online Veterinary Appointment System 1.0 - SQL Injection via view_service.php id Parameter