CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,656 vulnerabilities with CWE-89
CVE-2024-10299 MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-10298 MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-20473 MEDIUM
Cisco Secure Firewall Management Center - SQL Injection
CVSS 6.5
CVE-2024-20472 MEDIUM
Cisco Secure Firewall Management Center - SQL Injection
CVSS 6.5
CVE-2024-20471 MEDIUM
Cisco Secure Firewall Management Center - SQL Injection
CVSS 6.5
CVE-2024-10297 MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-20340 MEDIUM
Cisco Secure Firewall Management Center - SQL Injection
CVSS 6.5
CVE-2024-10296 MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-10291 MEDIUM
ZZCMS 2023 - SQL Injection via phome Parameter in Ebak_DoExecSQL/Ebak_DotranExecutSQL
CVSS 6.3
CVE-2024-10279 MEDIUM
ESAFENET CDG 5 - SQL Injection via policyId Parameter
CVSS 6.3
CVE-2024-10278 MEDIUM
ESAFENET CDG 5 - SQL Injection via userId Parameter
CVSS 6.3
CVE-2024-10277 MEDIUM
ESAFENET CDG 5 - SQL Injection via UsbKeyAjax.java id Parameter
CVSS 6.3
CVE-2024-48657 HIGH
Hospital Management System 1.0.0 - SQL Injection
CVSS 7.2
CVE-2024-44812 CRITICAL
Online Complaint Site <1.0 - Privilege Escalation
CVSS 9.8
CVE-2024-46903 MEDIUM
Trend Micro Deep Discovery Inspector >=5.8 <6.6 - Authenticated SQL Injection
CVSS 6.5
CVE-2024-46902 HIGH
Trend Micro Deep Discovery Inspector >=5.8 <6.6 - Authenticated SQL Injection
CVSS 8.4
CVE-2024-39753 HIGH
Trend Micro Apex One < 14.0.13139 - SQL Injection
CVSS 7.5
CVE-2024-48570 HIGH
Client Management System 1.0 - SQL Injection via Between Dates Reports Parameter
CVSS 7.5
CVE-2024-9987 HIGH
Pandora FMS 700-777.2 - Authenticated SQL Injection via Agents Modules CSV Filter Parameter
CVSS 8.8
CVE-2024-35286 CRITICAL
Mitel MiCollab < 9.8.0.33 - Unauthenticated SQL Injection in NuPoint Messenger
CVSS 9.8
CVE-2024-30158 HIGH
Mitel MiCollab <9.7.1.110 - SQL Injection
CVSS 7.2
CVE-2024-30157 HIGH
Mitel MiCollab <9.7.1.110 - SQL Injection
CVSS 7.2
CVE-2024-48597 HIGH
Online Clinic Management System 1.0 - SQL Injection via id Parameter
CVSS 8.1
CVE-2024-48509 CRITICAL
Learning with Texts 2.0.3 - SQL Injection via URL Parameter
CVSS 9.8
CVE-2024-47223 CRITICAL
Mitel MiCollab <9.8 SP1 FP2 - SQL Injection
CVSS 9.4