CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
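The mechanism described above, as an added example that is not code from the CWE entry or from any of the projects listed on this page: a login check that splices the e-mail and password parameters into the SQL text (the pattern behind titles such as "SQL Injection via Login Email Parameter"), the parameterized query that fixes it, and an allowlist for a user-chosen ORDER BY column, which is an identifier and therefore cannot be bound as a parameter (compare the "order_by Parameter" entry). The users table, the sample accounts and the function names are constructed for the demo; it uses an in-memory SQLite database so it runs offline.

```python
"""SQL injection (CWE-89) in a login check and the parameterized fix.

Added example, not code from the CWE entry or from any listed project.
Uses an in-memory SQLite database with constructed sample data.
"""
import sqlite3

# Constructed sample accounts. Passwords are stored in clear text only to
# keep the demo short; real code stores a password hash and compares that.
SAMPLE_USERS = [("alice@example.com", "correct horse"),
                ("bob@example.com", "hunter2")]

# Column names are identifiers, not values, so they cannot be bound as
# query parameters. A user-supplied ORDER BY column is validated against
# this allowlist instead of being spliced into the SQL.
ALLOWED_ORDER_COLUMNS = ("id", "email")


def make_db():
    """Create the demo database (hypothetical schema) and load the sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                "email TEXT NOT NULL, password TEXT NOT NULL)")
    con.executemany("INSERT INTO users (email, password) VALUES (?, ?)",
                    SAMPLE_USERS)
    con.commit()
    return con


def login_vulnerable(con, email, password):
    """CWE-89: the request parameters are concatenated into the SQL text.

    A quote in `email` closes the string literal early, and everything
    after it is parsed as SQL rather than as data.
    """
    sql = ("SELECT id FROM users WHERE email = '" + email
           + "' AND password = '" + password + "'")
    return con.execute(sql).fetchone() is not None


def login_safe(con, email, password):
    """Fix: a parameterized query.

    The SQL text is fixed; the driver hands the values to the database
    separately, so they are never parsed as SQL syntax.
    """
    sql = "SELECT id FROM users WHERE email = ? AND password = ?"
    return con.execute(sql, (email, password)).fetchone() is not None


def list_emails(con, order_by):
    """Sort by a user-chosen column, guarded by an allowlist.

    Raises ValueError for anything outside ALLOWED_ORDER_COLUMNS, so a
    payload such as "email, (SELECT ...)" never reaches the SQL text.
    """
    if order_by not in ALLOWED_ORDER_COLUMNS:
        raise ValueError("unsupported order_by column: %r" % (order_by,))
    rows = con.execute("SELECT email FROM users ORDER BY " + order_by)
    return [email for (email,) in rows]


if __name__ == "__main__":
    db = make_db()
    # Classic tautology payload: the comment marker discards the password check.
    payload = "' OR 1=1 -- "
    print("vulnerable login with payload:", login_vulnerable(db, payload, "x"))
    print("parameterized login with payload:", login_safe(db, payload, "x"))
    print("parameterized login, real credentials:",
          login_safe(db, "bob@example.com", "hunter2"))
    print("sorted by email:", list_emails(db, "email"))
    try:
        list_emails(db, "email; DROP TABLE users")
    except ValueError as exc:
        print("rejected order_by:", exc)
```

The vulnerable function accepts the payload because the resulting statement reads `... WHERE email = '' OR 1=1 -- ' AND password = 'x'`; the parameterized version rejects it because the same string is compared as a literal e-mail value. Parameter binding covers values only; for identifiers and keywords taken from the request (column names, sort direction, table names) the allowlist shown in `list_emails` is the corresponding control.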

19,656 vulnerabilities with CWE-89
CVE ID           Severity  CVSS  Title
CVE-2024-10425   MEDIUM    6.3   Project Worlds Student Project Allocation System 1.0 - SQL Injection via move_up_project.php up Parameter
CVE-2024-10424   MEDIUM    6.3   Project Worlds Student Project Allocation System 1.0 - SQL Injection via Project Selection Page
CVE-2024-10423   MEDIUM    6.3   Project Worlds Student Project Allocation System 1.0 - SQL Injection via Project Selection Page project_id Parameter
CVE-2024-10422   MEDIUM    6.3   SourceCodester Attendance and Payroll System 1.0 - SQL Injection via Overtime Add ID Parameter
CVE-2024-10421   MEDIUM    6.3   SourceCodester Attendance and Payroll System 1.0 - SQL Injection via /admin/overtime_row.php id Parameter
CVE-2024-10418   MEDIUM    6.3   Blood Bank Management System 1.0 - SQL Injection via bg Parameter in infoAdd.php
CVE-2024-10417   MEDIUM    6.3   Blood Bank Management System 1.0 - SQL Injection via bid Parameter in delete.php
CVE-2024-10416   MEDIUM    6.3   Blood Bank Management System 1.0 - SQL Injection via reqid Parameter in cancel.php
CVE-2024-10415   MEDIUM    6.3   Blood Bank Management System 1.0 - SQL Injection via reqid Parameter in accept.php
CVE-2024-10411   MEDIUM    6.3   Online Hotel Reservation System 1.0 - SQL Injection via mod_room/controller.php id Parameter
CVE-2024-10409   MEDIUM    6.3   Blood Bank Management System 1.0 - SQL Injection via reqid Parameter
CVE-2024-10408   MEDIUM    6.3   Blood Bank Management System <= 1.0 - SQL Injection via /abs.php Search Parameter
CVE-2024-10407   MEDIUM    6.3   SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via edit_customer.php id Parameter
CVE-2024-10406   MEDIUM    6.3   SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via /admin/edit_fuel.php id Parameter
CVE-2024-9475    MEDIUM    4.9   Poll Maker < 5.4.6 - Authenticated SQL Injection via order_by Parameter
CVE-2024-48238   MEDIUM    4.7   WTCMS 1.0 - SQL Injection via parentid Parameter in NavControl Edit Post
CVE-2024-48230   HIGH      7.2   funadmin 5.0.2 - SQL Injection via parentField Parameter
CVE-2024-48229   HIGH      7.2   funadmin 5.0.2 - SQL Injection in Curd One Click Command Mode Plugin
CVE-2024-48226   HIGH      7.2   funadmin 5.0.2 - SQL Injection in curd/table/savefield
CVE-2024-48223   HIGH      7.2   funadmin 5.0.2 - SQL Injection via /curd/table/fieldlist
CVE-2024-48222   HIGH      7.2   funadmin 5.0.2 - SQL Injection via /curd/table/edit
CVE-2024-48218   HIGH      7.2   funadmin 5.0.2 - SQL Injection via /curd/table/list
CVE-2024-48343   MEDIUM    6.3   ESAFENET CDG 5 and earlier - SQL Injection via dataSearch.jsp id Parameter
CVE-2024-48580   CRITICAL  9.8   Best Courier Management System 1.0 - SQL Injection via Login Email Parameter
CVE-2024-10380   MEDIUM    6.3   SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via drop_services Parameter