CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,656 vulnerabilities with CWE-89
CVE-2024-10378 MEDIUM
ESAFENET CDG 5 - SQL Injection via CDGRenewFileId Parameter
CVSS 6.3
CVE-2024-47483 LOW
Dell Data Lakehouse <1.1.0.0 - SQL Injection
CVSS 2.9
CVE-2024-10377 MEDIUM
ESAFENET CDG 5 - SQL Injection via DecryptApplicationService.java id Parameter
CVSS 6.3
CVE-2024-10376 MEDIUM
ESAFENET CDG 5 - SQL Injection via UniqueId Parameter in AutoSignService
CVSS 6.3
CVE-2024-10341 MEDIUM
League of Legends Shortcodes <= 1.0.1 - Authenticated SQL Injection via Shortcode Parameter
CVSS 6.5
CVE-2024-10370 HIGH
Codezips Sales Management System 1.0 - SQL Injection via refno Parameter in addcustind.php
CVSS 7.3
CVE-2024-10369 HIGH
Codezips Sales Management System 1.0 - SQL Injection via refno Parameter in addcustcom.php
CVSS 7.3
CVE-2024-10368 HIGH
Codezips Sales Management System 1.0 - SQL Injection via prodtype Parameter in addstock.php
CVSS 7.3
CVE-2024-10355 MEDIUM
SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via /admin/invoice.php id Parameter
CVSS 4.7
CVE-2024-10354 MEDIUM
SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via /admin/print.php id Parameter
CVSS 4.7
CVE-2024-10350 MEDIUM
Hospital Management System 1.0 - SQL Injection via docname Parameter in add-doctor.php
CVSS 4.7
CVE-2024-41618 CRITICAL
Money Manager EX WebApp <1.2.2 - SQL Injection
CVSS 9.8
CVE-2024-10349 MEDIUM
Best House Rental Management System 1.0 - SQL Injection via delete_tenant id Parameter
CVSS 6.3
CVE-2024-47881 HIGH
OpenRefine 3.4-beta-3.8.2 - Remote Code Execution via SQLite Extension Loading
CVSS 8.1
CVE-2024-48427 HIGH
Sourcecodester Packers and Movers Management System 1.0 - Authenticated SQL Injection via id Parameter
CVSS 8.8
CVE-2024-10338 MEDIUM
Clothes Recommendation System 1.0 - SQL Injection via /admin/home.php view Parameter
CVSS 4.7
CVE-2024-10337 MEDIUM
Clothes Recommendation System 1.0 - SQL Injection via admin/home.php cat/subcat/t1/t2/text Parameters
CVSS 4.7
CVE-2024-10336 HIGH
Clothes Recommendation System 1.0 - SQL Injection via Admin Login Page t1 Parameter
CVSS 7.3
CVE-2024-10335 HIGH
SourceCodester Garbage Collection Management System 1.0 - SQL Injection via login.php Username/Password Parameters
CVSS 7.3
CVE-2024-5608 HIGH
Zohocorp ManageEngine ADAudit Plus <8121 - SQL Injection
CVSS 8.3
CVE-2024-49691 HIGH
Woobewoo Product Filter <2.7.0 - SQL Injection
CVSS 7.6
CVE-2024-49681 CRITICAL
SWIT WP Sessions Time Monitoring Full Automatic <1.0.9 - SQL Injection
CVSS 9.3
CVE-2024-10331 MEDIUM
PHPGurukul Vehicle Record System 1.0 - SQL Injection via searchinputdata Parameter
CVSS 6.3
CVE-2024-10301 MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-10300 MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection
CVSS 4.7
Details
Vulnerabilities: 19,656
Exploit Likelihood: High