CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,656 vulnerabilities with CWE-89
CVE-2024-10299
MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-10298
MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-20473
MEDIUM
Cisco Secure Firewall Management Center - SQL Injection
CVSS 6.5
CVE-2024-20472
MEDIUM
Cisco Secure Firewall Management Center - SQL Injection
CVSS 6.5
CVE-2024-20471
MEDIUM
Cisco Secure Firewall Management Center - SQL Injection
CVSS 6.5
CVE-2024-10297
MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-20340
MEDIUM
Cisco Secure Firewall Management Center - SQL Injection
CVSS 6.5
CVE-2024-10296
MEDIUM
PHPGurukul Medical Card Generation System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-10291
MEDIUM
ZZCMS 2023 - SQL Injection via phome Parameter in Ebak_DoExecSQL/Ebak_DotranExecutSQL
CVSS 6.3
CVE-2024-10279
MEDIUM
ESAFENET CDG 5 - SQL Injection via policyId Parameter
CVSS 6.3
CVE-2024-10278
MEDIUM
ESAFENET CDG 5 - SQL Injection via userId Parameter
CVSS 6.3
CVE-2024-10277
MEDIUM
ESAFENET CDG 5 - SQL Injection via UsbKeyAjax.java id Parameter
CVSS 6.3
CVE-2024-48657
HIGH
Hospital Management System 1.0.0 - SQL Injection
CVSS 7.2
CVE-2024-44812
CRITICAL
Online Complaint Site <1.0 - Privilege Escalation
CVSS 9.8
CVE-2024-46903
MEDIUM
Trend Micro Deep Discovery Inspector >=5.8 <6.6 - Authenticated SQL Injection
CVSS 6.5
CVE-2024-46902
HIGH
Trend Micro Deep Discovery Inspector >=5.8 <6.6 - Authenticated SQL Injection
CVSS 8.4
CVE-2024-39753
HIGH
Trend Micro Apex One < 14.0.13139 - SQL Injection
CVSS 7.5
CVE-2024-48570
HIGH
Client Management System 1.0 - SQL Injection via Between Dates Reports Parameter
CVSS 7.5
CVE-2024-9987
HIGH
Pandora FMS 700-777.2 - Authenticated SQL Injection via Agents Modules CSV Filter Parameter
CVSS 8.8
CVE-2024-35286
CRITICAL
Mitel MiCollab < 9.8.0.33 - Unauthenticated SQL Injection in NuPoint Messenger
CVSS 9.8
CVE-2024-30158
HIGH
Mitel MiCollab <9.7.1.110 - SQL Injection
CVSS 7.2
CVE-2024-30157
HIGH
Mitel MiCollab <9.7.1.110 - SQL Injection
CVSS 7.2
CVE-2024-48597
HIGH
Online Clinic Management System 1.0 - SQL Injection via id Parameter
CVSS 8.1
CVE-2024-48509
CRITICAL
Learning with Texts 2.0.3 - SQL Injection via URL Parameter
CVSS 9.8
CVE-2024-47223
CRITICAL
Mitel MiCollab <9.8 SP1 FP2 - SQL Injection
CVSS 9.4
Details
Vulnerabilities: 19,656
Exploit Likelihood: High