CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,669 vulnerabilities with CWE-89
CVE-2024-49609 HIGH
Brandon White Author Discussion <0.2.2 - SQL Injection
CVSS 8.5
CVE-2024-47325 HIGH
Themeisle MPG <3.4.7 - SQL Injection
CVSS 8.5
CVE-2024-49623 HIGH
Hasan Movahed Duplicate Title Validate <1.0 - SQL Injection
CVSS 8.5
CVE-2024-10195 MEDIUM
Tecno 4G Portable WiFi TR118 V008-20220830 - SQL Injection
CVSS 4.7
CVE-2024-10171 MEDIUM
Blood Bank System <1.0 - SQL Injection
CVSS 4.7
CVE-2024-10170 MEDIUM
Hospital Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10169 MEDIUM
Hospital Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10167 HIGH
Codezips Sales Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-10166 HIGH
Codezips Sales Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-10165 HIGH
Codezips Sales Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-10163 MEDIUM
SourceCodester Sentiment Based Movie Rating System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10162 MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10160 MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10159 HIGH
PHPGurukul Boat Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-10157 HIGH
PHPGurukul Boat Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-10156 HIGH
PHPGurukul Boat Booking System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-10154 MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10153 MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10140 MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10139 MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10138 MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10137 MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10136 MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10135 MEDIUM
ESAFENET CDG 5 - SQL Injection via NetSecConfigService actionDelNetSecConfig id Parameter
CVSS 6.3
CVE-2024-10134 MEDIUM
ESAFENET CDG 5 - SQL Injection via MultiServerAjax.java connectLogout servername Parameter
CVSS 6.3