CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,656 vulnerabilities with CWE-89
CVE-2024-10502
MEDIUM
ESAFENET CDG 5 - SQL Injection via FileDirectoryService getOneFileDirectory directoryId Parameter
CVSS 6.3
CVE-2024-10501
MEDIUM
ESAFENET CDG 5 - SQL Injection via ExamCDGDocService findById Function
CVSS 6.3
CVE-2024-10500
MEDIUM
ESAFENET CDG 5 - SQL Injection via HookWhiteListService.java policyId Parameter
CVSS 6.3
CVE-2024-48573
CRITICAL
AquilaCMS < 1.409.20 - Unauthenticated NoSQL Injection via Password Reset Feature
CVSS 9.8
CVE-2024-8924
HIGH
ServiceNow - Unauthenticated Blind SQL Injection
CVSS 7.5
CVE-2024-8309
CRITICAL
langchain-ai/langchain <0.2.5 - SQL Injection
CVSS 9.8
CVE-2024-7042
CRITICAL
langchain/langchain < 0.3.1 and langchain/community < 0.3.3 - SQL Injection via GraphCypherQAChain
CVSS 9.8
CVE-2024-48356
CRITICAL
lylme_spage <= 1.6.0 - SQL Injection via /admin/group.php
CVSS 9.8
CVE-2024-48177
HIGH
MRCMS 3.1.2 - SQL Injection via RID Parameter
CVSS 8.8
CVE-2024-48465
CRITICAL
MRBS 1.5.0 - SQL Injection via rooms%5B%5D Parameter
CVSS 9.8
CVE-2024-48357
CRITICAL
LyLme Spage 1.2.0-1.6.0 - SQL Injection via /admin/apply.php
CVSS 9.8
CVE-2024-10450
MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via POST Parameter Handler
CVSS 6.3
CVE-2024-10449
HIGH
Codezips Hospital Appointment System 1.0 - SQL Injection via Username Parameter in /loginAction.php
CVSS 7.3
CVE-2024-50491
CRITICAL
MicahBlu RSVP ME < 1.9.9 - SQL Injection
CVSS 9.3
CVE-2024-50479
CRITICAL
Woocommerce Quote Calculator <= 1.1 - Blind SQL Injection
CVSS 9.3
CVE-2024-50465
HIGH
Premium SEO Pack <= 1.6.001 - SQL Injection
CVSS 8.5
CVE-2024-10447
MEDIUM
Project Worlds Online Time Table Generator 1.0 - SQL Injection via staffdashboard.php Update Profile Parameter
CVSS 6.3
CVE-2024-10446
MEDIUM
Project Worlds Online Time Table Generator 1.0 - SQL Injection via add_course Parameter
CVSS 6.3
CVE-2024-10440
CRITICAL
sun.net ehrd_ctms < 10.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2024-23843
LOW
Genians Genian NAC <5.0.60 - SQL Injection
CVSS 2.2
CVE-2024-10432
HIGH
Project Worlds Simple Web-Based Chat Application 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2024-10431
HIGH
Codezips Pet Shop Management System 1.0 - SQL Injection via deletebird.php t1 Parameter
CVSS 7.3
CVE-2024-10430
HIGH
Codezips Pet Shop Management System 1.0 - SQL Injection via animalsupdate.php id Parameter
CVSS 7.3
CVE-2024-10427
MEDIUM
Codezips Pet Shop Management System 1.0 - SQL Injection via t1 Parameter
CVSS 6.3
CVE-2024-10426
MEDIUM
Codezips Pet Shop Management System 1.0 - SQL Injection via id Parameter
CVSS 6.3
Details
Vulnerabilities: 19,656
Exploit Likelihood: High