CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
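The mechanism described above, as an added example that is not code from this page or from any product listed below: a constructed SQLite lookup in two forms, one that splices user input into the SQL text (CWE-89) and one that binds it as a parameter. The schema, rows, function names and payloads are assumptions made for this illustration; the second pair of functions shows the unquoted "id parameter" pattern that several entries below share, where no quote character is needed in the payload at all.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database (assumption for this example,
    not taken from any product on this page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)",
                     [(1, "alice", "s3cret", "admin"),
                      (2, "bob", "hunter2", "user")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """CWE-89 in a quoted string context: both inputs are spliced into the
    SQL text, so a quote in either of them changes the statement itself."""
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterized query: the SQL text is fixed; the values are sent to the
    engine separately and are never parsed as SQL syntax."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def find_by_id_vulnerable(conn, id_param):
    """CWE-89 in an unquoted numeric context. The payload "2 OR 1=1" contains
    no quote character, so escaping quotes would not have prevented it."""
    sql = f"SELECT id, username FROM users WHERE id = {id_param}"
    return conn.execute(sql).fetchall()


def find_by_id_safe(conn, id_param):
    """Validate the type first, then bind: anything that is not an integer is
    rejected before it reaches the database."""
    row_id = int(id_param)  # raises ValueError for "2 OR 1=1"
    sql = "SELECT id, username FROM users WHERE id = ?"
    return conn.execute(sql, (row_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Tautology in the password field: the WHERE clause is true for every row.
    print(login_vulnerable(db, "x", "' OR '1'='1"))
    # Comment sequence in the username field: the password check is cut off.
    print(login_vulnerable(db, "alice'--", "wrong"))
    # Same inputs through the parameterized query: no match.
    print(login_safe(db, "x", "' OR '1'='1"), login_safe(db, "alice'--", "wrong"))
    # Numeric-context payload with no quote characters at all.
    print(find_by_id_vulnerable(db, "2 OR 1=1"))
```

Parameter binding covers values only. Identifiers such as table names, column names and ORDER BY targets cannot be bound; if those come from user input they must be checked against an allow-list before being placed in the query text.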

19,655 vulnerabilities with CWE-89
CVE-2024-10601 (MEDIUM, CVSS 6.3): Tongda OA 2017-11.10 - SQL Injection via where_repeat Parameter
CVE-2024-10600 (HIGH, CVSS 7.3): Tongda OA 2017-11.6 - SQL Injection via appid Parameter in pda/appcenter/submenu.php
CVE-2024-6480 (MEDIUM, CVSS 6.4): SIP Reviews Shortcode - WooCommerce <1.2.3 - XSS
CVE-2024-6479 (MEDIUM, CVSS 6.5): SIP Reviews Shortcode - WooCommerce <1.2.3 - SQL Injection
CVE-2024-10597 (MEDIUM, CVSS 6.3): ESAFENET CDG 5 - SQL Injection via PolicyActionService.java id Parameter
CVE-2024-10596 (MEDIUM, CVSS 6.3): ESAFENET CDG 5 - SQL Injection via EncryptPolicyTypeService delEntryptPolicySort Function
CVE-2024-10595 (MEDIUM, CVSS 6.3): ESAFENET CDG 5 - SQL Injection via delFile/delDifferCourseList Function
CVE-2024-10594 (MEDIUM, CVSS 6.3): ESAFENET CDG 5 - SQL Injection via fileId Parameter in FileDirectoryService
CVE-2024-51065 (CRITICAL, CVSS 9.8): Phpgurukul Beauty Parlour Management System 1.1 - SQL Injection via Username Parameter
CVE-2024-51064 (CRITICAL, CVSS 9.8): Phpgurukul Teachers Record Management System 2.1 - SQL Injection via tid Parameter
CVE-2024-51063 (CRITICAL, CVSS 9.1): Phpgurukul Teachers Record Management System 2.1 - SQL Injection via add-teacher.php Mobile Number or Email Parameter
CVE-2024-51060 (CRITICAL, CVSS 9.1): Projectworlds Online Admission System v1 - SQL Injection via 'a_id' Parameter
CVE-2024-50802 (MEDIUM, CVSS 6.0): AbanteCart 1.4.0 - SQL Injection via Email Templates Update ID Parameter
CVE-2024-50801 (MEDIUM, CVSS 6.0): AbanteCart 1.4.0 - SQL Injection via id Parameter in Collections Update Function
CVE-2024-51482 (CRITICAL, CVSS 9.9): ZoneMinder <1.37.64 - SQL Injection
CVE-2024-10561 (HIGH, CVSS 7.3): Codezips Pet Shop Management System 1.0 - SQL Injection via birdsupdate.php id Parameter
CVE-2024-48307 (CRITICAL, CVSS 9.8): JeecgBoot 3.7.1 - SQL Injection via /onlDragDatasetHead/getTotalData
CVE-2024-10556 (HIGH, CVSS 7.3): Codezips Pet Shop Management System 1.0 - SQL Injection via birdsadd.php id Parameter
CVE-2024-48733 (HIGH, CVSS 8.8): SAS Studio 9.4 - SQL Injection via /SASStudio/sasexec/sessions/{sessionID}/sql POST Body
CVE-2024-10546 (MEDIUM, CVSS 6.3): open-scratch Teaching <2.7 - SQL Injection
CVE-2024-46531 (MEDIUM, CVSS 6.3): phpgurukul Vehicle Record Management System 1.0 - SQL Injection via searchinputdata Parameter
CVE-2024-10509 (HIGH, CVSS 7.3): Codezips Online Institute Management System 1.0 - SQL Injection via Login Email Parameter
CVE-2024-10507 (HIGH, CVSS 7.3): Free Exam Hall Seating Management System 1.0 - SQL Injection via Email Parameter in Login
CVE-2024-10506 (MEDIUM, CVSS 6.3): code-projects Blood Bank System 1.0 - SQL Injection via Bloodname Parameter
CVE-2024-10502 (MEDIUM, CVSS 6.3): ESAFENET CDG 5 - SQL Injection via FileDirectoryService getOneFileDirectory directoryId Parameter