CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,655 vulnerabilities with CWE-89
CVE-2024-10730 MEDIUM
Tongda OA < 11.6 - SQL Injection via /pda/appcenter/web_show.php ID Parameter
CVSS 6.3
CVE-2024-10702 HIGH
Simple Car Rental System 1.0 - SQL Injection via Signup First Name Parameter
CVSS 7.3
CVE-2024-10700 MEDIUM
University Event Management System 1.0 - SQL Injection via submit.php Parameters
CVSS 6.3
CVE-2024-10699 HIGH
Wazifa System 1.0 - SQL Injection via Username Parameter in Login Controller
CVSS 7.3
CVE-2024-10540 MEDIUM
BookingPress < 1.1.16 - Authenticated SQL Injection via Service Parameter
CVSS 5.3
CVE-2024-10660 MEDIUM
ESAFENET CDG 5 - SQL Injection via HookService.java deleteHook hookId Parameter
CVSS 6.3
CVE-2024-10659 MEDIUM
ESAFENET CDG 5 - SQL Injection via delSystemEncryptPolicy id Parameter
CVSS 6.3
CVE-2024-10658 MEDIUM
Tongda OA < 11.10 - SQL Injection via /pda/approve_center/check_seal.php ID Parameter
CVSS 6.3
CVE-2024-10657 MEDIUM
Tongda OA < 11.10 - SQL Injection via RUN_ID Parameter in /pda/approve_center/prcs_info.php
CVSS 6.3
CVE-2024-10656 MEDIUM
Tongda OA 2017-11.9 - SQL Injection via /pda/meeting/apply.php mr_id Parameter
CVSS 6.3
CVE-2024-10655 MEDIUM
Tongda OA 2017-11.9 - SQL Injection via /pda/reportshop/new.php repid Parameter
CVSS 6.3
CVE-2024-7456 CRITICAL
lunary v1.4.2 - SQL Injection via Unsafe Order By Clause
CVSS 9.8
CVE-2024-10619 MEDIUM
Tongda OA 2017-11.10 - SQL Injection via repid Parameter in /pda/reportshop/next_detail.php
CVSS 6.3
CVE-2024-10618 MEDIUM
Tongda OA 2017-11.10 - SQL Injection via repid Parameter in record_detail.php
CVSS 6.3
CVE-2024-10617 MEDIUM
Tongda OA < 11.10 - SQL Injection via /pda/workflow/check_seal.php ID Parameter
CVSS 6.3
CVE-2024-10616 MEDIUM
Tongda OA < 11.9 - SQL Injection via saleId Parameter in webSignSubmit.php
CVSS 6.3
CVE-2024-10615 MEDIUM
Tongda OA 2017-11.10 - SQL Injection via RUN_ID Parameter in delete_data_attach.php
CVSS 6.3
CVE-2024-10613 MEDIUM
ESAFENET CDG 5 - SQL Injection via SystemEncryptPolicyService.java id Parameter
CVSS 6.3
CVE-2024-10612 MEDIUM
ESAFENET CDG 5 - SQL Injection via HookInvalidCourseService id Parameter
CVSS 6.3
CVE-2024-10611 MEDIUM
ESAFENET CDG 5 - SQL Injection via PrintScreenListService delProtocol Function
CVSS 6.3
CVE-2024-10610 MEDIUM
ESAFENET CDG 5 - SQL Injection via ProtocolService.java delProtocol Function
CVSS 6.3
CVE-2024-10609 MEDIUM
Tailoring Management System Project 1.0 - SQL Injection via Sex Parameter in typeadd.php
CVSS 6.3
CVE-2024-10608 HIGH
Courier Management System 1.0 - SQL Injection via txtusername Parameter in login.php
CVSS 7.3
CVE-2024-10607 HIGH
Courier Management System 1.0 - SQL Injection via Consignment Parameter in track-result.php
CVSS 7.3
CVE-2024-10602 MEDIUM
Tongda OA 2017-11.9 - SQL Injection via dataSrc Parameter
CVSS 6.3
Details

Vulnerabilities: 19,655
Exploit likelihood: High