CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit likelihood: High
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,655 vulnerabilities with CWE-89
CVE-2024-10990
MEDIUM
SourceCodester Online Veterinary Appointment System 1.0 - SQL Injection via view_service.php id Parameter
CVSS 6.3
CVE-2024-10989
MEDIUM
E-Health Care System 1.0 - SQL Injection via s_id Parameter in Admin/detail.php
CVSS 6.3
CVE-2024-10988
HIGH
E-Health Care System 1.0 - SQL Injection via Doctor Login Email Parameter
CVSS 7.3
CVE-2024-10987
MEDIUM
E-Health Care System 1.0 - SQL Injection via schedule/booking Parameters
CVSS 6.3
CVE-2024-50766
CRITICAL
SourceCodester Survey Application System 1.0 - SQL Injection via takeSurvey.php id Parameter
CVSS 9.8
CVE-2024-10969
HIGH
1000 Projects Bookstore Management System 1.0 - SQL Injection via Login Process
CVSS 7.3
CVE-2024-10968
HIGH
1000projects Bookstore Management System 1.0 - SQL Injection via /contact_process.php fnm Parameter
CVSS 7.3
CVE-2024-45794
HIGH
devtron < 0.7.2 - Authenticated SQL Injection via CreateUser API
CVSS 8.3
CVE-2024-10967
HIGH
E-Health Care System 1.0 - SQL Injection via Doctor Appointment Request ID Parameter
CVSS 7.3
CVE-2024-43436
HIGH
Moodle < 4.1.12 - Authenticated SQL Injection via XMLDB Editor
CVSS 7.2
CVE-2024-10947
MEDIUM
Guangzhou Tuchuang Interlib Library Cluster Automation Management System <= 2.0.1 - SQL Injection via bookrecno
CVSS 4.7
CVE-2024-10946
MEDIUM
Guangzhou Tuchuang Interlib Library Cluster Automation Management System <= 2.0.1 - SQL Injection via sql Argument
CVSS 4.7
CVE-2024-48325
HIGH
Portabilis i-Educar 2.8.0 - Unauthenticated SQL Injection via instituicao_id Parameter
CVSS 8.1
CVE-2024-20536
HIGH
Cisco Nexus Dashboard Fabric Controller - SQL Injection
CVSS 8.8
CVE-2024-50332
HIGH
SuiteCRM < 7.14.6 - Blind SQL Injection in DeleteRelationShip
CVSS 8.8
CVE-2024-49773
MEDIUM
SuiteCRM <7.14.6-8.7 - SQL Injection
CVSS 5.3
CVE-2024-49772
HIGH
SuiteCRM < 7.14.6 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-10845
HIGH
Bookstore Management System 1.0 - SQL Injection via book_detail.php id Parameter
CVSS 7.3
CVE-2024-10844
HIGH
Bookstore Management System 1.0 - SQL Injection via search.php s Parameter
CVSS 7.3
CVE-2024-10841
MEDIUM
romadebrian WEB-Sekolah 1.0 - SQL Injection via Name Parameter in Mail Handler
CVSS 5.5
CVE-2024-10687
CRITICAL
Contest Gallery < 24.0.4 - Unauthenticated Time-Based SQL Injection via $collectedIds Parameter
CVSS 9.8
CVE-2024-9459
HIGH
ManageEngine Exchange Reporter Plus <= 5718 - Authenticated SQL Injection in Reports Module
CVSS 8.3
CVE-2024-10810
MEDIUM
E-Health Care System 1.0 - SQL Injection via Doctor/app_request.php app_id Parameter
CVSS 6.3
CVE-2024-10809
MEDIUM
E-Health Care System 1.0 - SQL Injection via Doctor Chat Name/Message Parameter
CVSS 6.3
CVE-2024-10808
MEDIUM
E-Health Care System 1.0 - SQL Injection via Admin/req_detail.php id Parameter
CVSS 6.3