CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,656 vulnerabilities with CWE-89
CVE-2024-10502 MEDIUM
ESAFENET CDG 5 - SQL Injection via FileDirectoryService getOneFileDirectory directoryId Parameter
CVSS 6.3
CVE-2024-10501 MEDIUM
ESAFENET CDG 5 - SQL Injection via ExamCDGDocService findById Function
CVSS 6.3
CVE-2024-10500 MEDIUM
ESAFENET CDG 5 - SQL Injection via HookWhiteListService.java policyId Parameter
CVSS 6.3
CVE-2024-48573 CRITICAL
AquilaCMS < 1.409.20 - Unauthenticated NoSQL Injection via Password Reset Feature
CVSS 9.8
CVE-2024-8924 HIGH
ServiceNow - Unauthenticated Blind SQL Injection
CVSS 7.5
CVE-2024-8309 CRITICAL
langchain-ai/langchain <0.2.5 - SQL Injection
CVSS 9.8
CVE-2024-7042 CRITICAL
langchain/langchain < 0.3.1 and langchain/community < 0.3.3 - SQL Injection via GraphCypherQAChain
CVSS 9.8
CVE-2024-48356 CRITICAL
lylme_spage <= 1.6.0 - SQL Injection via /admin/group.php
CVSS 9.8
CVE-2024-48177 HIGH
MRCMS 3.1.2 - SQL Injection via RID Parameter
CVSS 8.8
CVE-2024-48465 CRITICAL
MRBS 1.5.0 - SQL Injection via rooms%5B%5D Parameter
CVSS 9.8
CVE-2024-48357 CRITICAL
LyLme Spage 1.2.0-1.6.0 - SQL Injection via /admin/apply.php
CVSS 9.8
CVE-2024-10450 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via POST Parameter Handler
CVSS 6.3
CVE-2024-10449 HIGH
Codezips Hospital Appointment System 1.0 - SQL Injection via Username Parameter in /loginAction.php
CVSS 7.3
CVE-2024-50491 CRITICAL
MicahBlu RSVP ME < 1.9.9 - SQL Injection
CVSS 9.3
CVE-2024-50479 CRITICAL
Woocommerce Quote Calculator <= 1.1 - Blind SQL Injection
CVSS 9.3
CVE-2024-50465 HIGH
Premium SEO Pack <= 1.6.001 - SQL Injection
CVSS 8.5
CVE-2024-10447 MEDIUM
Project Worlds Online Time Table Generator 1.0 - SQL Injection via staffdashboard.php Update Profile Parameter
CVSS 6.3
CVE-2024-10446 MEDIUM
Project Worlds Online Time Table Generator 1.0 - SQL Injection via add_course Parameter
CVSS 6.3
CVE-2024-10440 CRITICAL
sun.net ehrd_ctms < 10.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2024-23843 LOW
Genians Genian NAC <5.0.60 - SQL Injection
CVSS 2.2
CVE-2024-10432 HIGH
Project Worlds Simple Web-Based Chat Application 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2024-10431 HIGH
Codezips Pet Shop Management System 1.0 - SQL Injection via deletebird.php t1 Parameter
CVSS 7.3
CVE-2024-10430 HIGH
Codezips Pet Shop Management System 1.0 - SQL Injection via animalsupdate.php id Parameter
CVSS 7.3
CVE-2024-10427 MEDIUM
Codezips Pet Shop Management System 1.0 - SQL Injection via t1 Parameter
CVSS 6.3
CVE-2024-10426 MEDIUM
Codezips Pet Shop Management System 1.0 - SQL Injection via id Parameter
CVSS 6.3