CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,655 vulnerabilities with CWE-89
CVE-2024-10601
MEDIUM
Tongda OA 2017-11.10 - SQL Injection via where_repeat Parameter
CVSS 6.3
CVE-2024-10600
HIGH
Tongda OA 2017-11.6 - SQL Injection via appid Parameter in pda/appcenter/submenu.php
CVSS 7.3
CVE-2024-6480
MEDIUM
SIP Reviews Shortcode - WooCommerce <1.2.3 - XSS
CVSS 6.4
CVE-2024-6479
MEDIUM
SIP Reviews Shortcode - WooCommerce <1.2.3 - SQL Injection
CVSS 6.5
CVE-2024-10597
MEDIUM
ESAFENET CDG 5 - SQL Injection via PolicyActionService.java id Parameter
CVSS 6.3
CVE-2024-10596
MEDIUM
ESAFENET CDG 5 - SQL Injection via EncryptPolicyTypeService delEntryptPolicySort Function
CVSS 6.3
CVE-2024-10595
MEDIUM
ESAFENET CDG 5 - SQL Injection via delFile/delDifferCourseList Function
CVSS 6.3
CVE-2024-10594
MEDIUM
ESAFENET CDG 5 - SQL Injection via fileId Parameter in FileDirectoryService
CVSS 6.3
CVE-2024-51065
CRITICAL
Phpgurukul Beauty Parlour Management System 1.1 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2024-51064
CRITICAL
Phpgurukul Teachers Record Management System 2.1 - SQL Injection via tid Parameter
CVSS 9.8
CVE-2024-51063
CRITICAL
Phpgurukul Teachers Record Management System 2.1 - SQL Injection via add-teacher.php Mobile Number or Email Parameter
CVSS 9.1
CVE-2024-51060
CRITICAL
Projectworlds Online Admission System v1 - SQL Injection via 'a_id' Parameter
CVSS 9.1
CVE-2024-50802
MEDIUM
AbanteCart 1.4.0 - SQL Injection via Email Templates Update ID Parameter
CVSS 6.0
CVE-2024-50801
MEDIUM
AbanteCart 1.4.0 - SQL Injection via id Parameter in Collections Update Function
CVSS 6.0
CVE-2024-51482
CRITICAL
ZoneMinder <1.37.64 - SQL Injection
CVSS 9.9
CVE-2024-10561
HIGH
Codezips Pet Shop Management System 1.0 - SQL Injection via birdsupdate.php id Parameter
CVSS 7.3
CVE-2024-48307
CRITICAL
JeecgBoot 3.7.1 - SQL Injection via /onlDragDatasetHead/getTotalData
CVSS 9.8
CVE-2024-10556
HIGH
Codezips Pet Shop Management System 1.0 - SQL Injection via birdsadd.php id Parameter
CVSS 7.3
CVE-2024-48733
HIGH
SAS Studio 9.4 - SQL Injection via /SASStudio/sasexec/sessions/{sessionID}/sql POST Body
CVSS 8.8
CVE-2024-10546
MEDIUM
open-scratch Teaching <2.7 - SQL Injection
CVSS 6.3
CVE-2024-46531
MEDIUM
phpgurukul Vehicle Record Management System 1.0 - SQL Injection via searchinputdata Parameter
CVSS 6.3
CVE-2024-10509
HIGH
Codezips Online Institute Management System 1.0 - SQL Injection via Login Email Parameter
CVSS 7.3
CVE-2024-10507
HIGH
Free Exam Hall Seating Management System 1.0 - SQL Injection via Email Parameter in Login
CVSS 7.3
CVE-2024-10506
MEDIUM
code-projects Blood Bank System 1.0 - SQL Injection via Bloodname Parameter
CVSS 6.3
CVE-2024-10502
MEDIUM
ESAFENET CDG 5 - SQL Injection via FileDirectoryService getOneFileDirectory directoryId Parameter
CVSS 6.3
Details
Vulnerabilities: 19,655
Exploit Likelihood: High