CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,655 vulnerabilities with CWE-89
CVE-2024-10730
MEDIUM
Tongda OA < 11.6 - SQL Injection via /pda/appcenter/web_show.php ID Parameter
CVSS 6.3
CVE-2024-10702
HIGH
Simple Car Rental System 1.0 - SQL Injection via Signup First Name Parameter
CVSS 7.3
CVE-2024-10700
MEDIUM
University Event Management System 1.0 - SQL Injection via submit.php Parameters
CVSS 6.3
CVE-2024-10699
HIGH
Wazifa System 1.0 - SQL Injection via Username Parameter in Login Controller
CVSS 7.3
CVE-2024-10540
MEDIUM
BookingPress < 1.1.16 - Authenticated SQL Injection via Service Parameter
CVSS 5.3
CVE-2024-10660
MEDIUM
ESAFENET CDG 5 - SQL Injection via HookService.java deleteHook hookId Parameter
CVSS 6.3
CVE-2024-10659
MEDIUM
ESAFENET CDG 5 - SQL Injection via delSystemEncryptPolicy id Parameter
CVSS 6.3
CVE-2024-10658
MEDIUM
Tongda OA < 11.10 - SQL Injection via /pda/approve_center/check_seal.php ID Parameter
CVSS 6.3
CVE-2024-10657
MEDIUM
Tongda OA < 11.10 - SQL Injection via RUN_ID Parameter in /pda/approve_center/prcs_info.php
CVSS 6.3
CVE-2024-10656
MEDIUM
Tongda OA 2017-11.9 - SQL Injection via /pda/meeting/apply.php mr_id Parameter
CVSS 6.3
CVE-2024-10655
MEDIUM
Tongda OA 2017-11.9 - SQL Injection via /pda/reportshop/new.php repid Parameter
CVSS 6.3
CVE-2024-7456
CRITICAL
lunary v1.4.2 - SQL Injection via Unsafe Order By Clause
CVSS 9.8
CVE-2024-10619
MEDIUM
Tongda OA 2017-11.10 - SQL Injection via repid Parameter in /pda/reportshop/next_detail.php
CVSS 6.3
CVE-2024-10618
MEDIUM
Tongda OA 2017-11.10 - SQL Injection via repid Parameter in record_detail.php
CVSS 6.3
CVE-2024-10617
MEDIUM
Tongda OA < 11.10 - SQL Injection via /pda/workflow/check_seal.php ID Parameter
CVSS 6.3
CVE-2024-10616
MEDIUM
Tongda OA < 11.9 - SQL Injection via saleId Parameter in webSignSubmit.php
CVSS 6.3
CVE-2024-10615
MEDIUM
Tongda OA 2017-11.10 - SQL Injection via RUN_ID Parameter in delete_data_attach.php
CVSS 6.3
CVE-2024-10613
MEDIUM
ESAFENET CDG 5 - SQL Injection via SystemEncryptPolicyService.java id Parameter
CVSS 6.3
CVE-2024-10612
MEDIUM
ESAFENET CDG 5 - SQL Injection via HookInvalidCourseService id Parameter
CVSS 6.3
CVE-2024-10611
MEDIUM
ESAFENET CDG 5 - SQL Injection via PrintScreenListService delProtocol Function
CVSS 6.3
CVE-2024-10610
MEDIUM
ESAFENET CDG 5 - SQL Injection via ProtocolService.java delProtocol Function
CVSS 6.3
CVE-2024-10609
MEDIUM
Tailoring Management System Project 1.0 - SQL Injection via Sex Parameter in typeadd.php
CVSS 6.3
CVE-2024-10608
HIGH
Courier Management System 1.0 - SQL Injection via txtusername Parameter in login.php
CVSS 7.3
CVE-2024-10607
HIGH
Courier Management System 1.0 - SQL Injection via Consignment Parameter in track-result.php
CVSS 7.3
CVE-2024-10602
MEDIUM
Tongda OA 2017-11.9 - SQL Injection via dataSrc Parameter
CVSS 6.3
Details
Vulnerabilities: 19,655
Exploit Likelihood: High