CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit likelihood: High

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,655 vulnerabilities with CWE-89 (most recent shown; each entry lists the CVE, its severity rating, the CVSS base score and the affected product):

CVE-2024-10990 (MEDIUM, CVSS 6.3): SourceCodester Online Veterinary Appointment System 1.0 - SQL Injection via view_service.php id Parameter
CVE-2024-10989 (MEDIUM, CVSS 6.3): E-Health Care System 1.0 - SQL Injection via s_id Parameter in Admin/detail.php
CVE-2024-10988 (HIGH, CVSS 7.3): E-Health Care System 1.0 - SQL Injection via Doctor Login Email Parameter
CVE-2024-10987 (MEDIUM, CVSS 6.3): E-Health Care System 1.0 - SQL Injection via schedule/booking Parameters
CVE-2024-50766 (CRITICAL, CVSS 9.8): SourceCodester Survey Application System 1.0 - SQL Injection via takeSurvey.php id Parameter
CVE-2024-10969 (HIGH, CVSS 7.3): 1000 Projects Bookstore Management System 1.0 - SQL Injection via Login Process
CVE-2024-10968 (HIGH, CVSS 7.3): 1000projects Bookstore Management System 1.0 - SQL Injection via /contact_process.php fnm Parameter
CVE-2024-45794 (HIGH, CVSS 8.3): devtron < 0.7.2 - Authenticated SQL Injection via CreateUser API
CVE-2024-10967 (HIGH, CVSS 7.3): E-Health Care System 1.0 - SQL Injection via Doctor Appointment Request ID Parameter
CVE-2024-43436 (HIGH, CVSS 7.2): Moodle < 4.1.12 - Authenticated SQL Injection via XMLDB Editor
CVE-2024-10947 (MEDIUM, CVSS 4.7): Guangzhou Tuchuang Interlib Library Cluster Automation Management System <= 2.0.1 - SQL Injection via bookrecno
CVE-2024-10946 (MEDIUM, CVSS 4.7): Guangzhou Tuchuang Interlib Library Cluster Automation Management System <= 2.0.1 - SQL Injection via sql Argument
CVE-2024-48325 (HIGH, CVSS 8.1): Portabilis i-Educar 2.8.0 - Unauthenticated SQL Injection via instituicao_id Parameter
CVE-2024-20536 (HIGH, CVSS 8.8): Cisco Nexus Dashboard Fabric Controller - SQL Injection
CVE-2024-50332 (HIGH, CVSS 8.8): SuiteCRM < 7.14.6 - Blind SQL Injection in DeleteRelationShip
CVE-2024-49773 (MEDIUM, CVSS 5.3): SuiteCRM <7.14.6-8.7 - SQL Injection
CVE-2024-49772 (HIGH, CVSS 8.8): SuiteCRM < 7.14.6 - Authenticated SQL Injection
CVE-2024-10845 (HIGH, CVSS 7.3): Bookstore Management System 1.0 - SQL Injection via book_detail.php id Parameter
CVE-2024-10844 (HIGH, CVSS 7.3): Bookstore Management System 1.0 - SQL Injection via search.php s Parameter
CVE-2024-10841 (MEDIUM, CVSS 5.5): romadebrian WEB-Sekolah 1.0 - SQL Injection via Name Parameter in Mail Handler
CVE-2024-10687 (CRITICAL, CVSS 9.8): Contest Gallery < 24.0.4 - Unauthenticated Time-Based SQL Injection via $collectedIds Parameter
CVE-2024-9459 (HIGH, CVSS 8.3): ManageEngine Exchange Reporter Plus <= 5718 - Authenticated SQL Injection in Reports Module
CVE-2024-10810 (MEDIUM, CVSS 6.3): E-Health Care System 1.0 - SQL Injection via Doctor/app_request.php app_id Parameter
CVE-2024-10809 (MEDIUM, CVSS 6.3): E-Health Care System 1.0 - SQL Injection via Doctor Chat Name/Message Parameter
CVE-2024-10808 (MEDIUM, CVSS 6.3): E-Health Care System 1.0 - SQL Injection via Admin/req_detail.php id Parameter