CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,656 vulnerabilities with CWE-89
CVE-2024-10378
MEDIUM
ESAFENET CDG 5 - SQL Injection via CDGRenewFileId Parameter
CVSS 6.3
CVE-2024-47483
LOW
Dell Data Lakehouse <1.1.0.0 - SQL Injection
CVSS 2.9
CVE-2024-10377
MEDIUM
ESAFENET CDG 5 - SQL Injection via DecryptApplicationService.java id Parameter
CVSS 6.3
CVE-2024-10376
MEDIUM
ESAFENET CDG 5 - SQL Injection via UniqueId Parameter in AutoSignService
CVSS 6.3
CVE-2024-10341
MEDIUM
League of Legends Shortcodes <= 1.0.1 - Authenticated SQL Injection via Shortcode Parameter
CVSS 6.5
CVE-2024-10370
HIGH
Codezips Sales Management System 1.0 - SQL Injection via refno Parameter in addcustind.php
CVSS 7.3
CVE-2024-10369
HIGH
Codezips Sales Management System 1.0 - SQL Injection via refno Parameter in addcustcom.php
CVSS 7.3
CVE-2024-10368
HIGH
Codezips Sales Management System 1.0 - SQL Injection via prodtype Parameter in addstock.php
CVSS 7.3
CVE-2024-10355
MEDIUM
SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via /admin/invoice.php id Parameter
CVSS 4.7
CVE-2024-10354
MEDIUM
SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via /admin/print.php id Parameter
CVSS 4.7
CVE-2024-10350
MEDIUM
Hospital Management System 1.0 - SQL Injection via docname Parameter in add-doctor.php
CVSS 4.7
CVE-2024-41618
CRITICAL
Money Manager EX WebApp <1.2.2 - SQL Injection
CVSS 9.8
CVE-2024-10349
MEDIUM
Best House Rental Management System 1.0 - SQL Injection via delete_tenant id Parameter
CVSS 6.3
CVE-2024-47881
HIGH
OpenRefine 3.4-beta-3.8.2 - Remote Code Execution via SQLite Extension Loading
CVSS 8.1
CVE-2024-48427
HIGH
Sourcecodester Packers and Movers Management System 1.0 - Authenticated SQL Injection via id Parameter
CVSS 8.8
CVE-2024-10338
MEDIUM
Clothes Recommendation System 1.0 - SQL Injection via /admin/home.php view Parameter
CVSS 4.7
CVE-2024-10337
MEDIUM
Clothes Recommendation System 1.0 - SQL Injection via admin/home.php cat/subcat/t1/t2/text Parameters
CVSS 4.7
CVE-2024-10336
HIGH
Clothes Recommendation System 1.0 - SQL Injection via Admin Login Page t1 Parameter
CVSS 7.3
CVE-2024-10335
HIGH
SourceCodester Garbage Collection Management System 1.0 - SQL Injection via login.php Username/Password Parameters
CVSS 7.3
CVE-2024-5608
HIGH
Zohocorp ManageEngine ADAudit Plus <8121 - SQL Injection
CVSS 8.3
CVE-2024-49691
HIGH
Woobewoo Product Filter <2.7.0 - SQL Injection
CVSS 7.6
CVE-2024-49681
CRITICAL
SWIT WP Sessions Time Monitoring Full Automatic <1.0.9 - SQL Injection
CVSS 9.3
CVE-2024-10331
MEDIUM
PHPGurukul Vehicle Record System 1.0 - SQL Injection via searchinputdata Parameter
CVSS 6.3
CVE-2024-10301
MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-10300
MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection
CVSS 4.7
Details
Vulnerabilities: 19,656
Exploit Likelihood: High