CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,669 vulnerabilities with CWE-89
CVE-2024-10133 (MEDIUM, CVSS 6.3): ESAFENET CDG 5 - SQL Injection via updateNetSecPolicyPriority Function
CVE-2024-10129 (MEDIUM, CVSS 6.3): HFO4 shudong-share <2.4.7 - SQL Injection
CVE-2024-47487 (HIGH, CVSS 8.8): HikCentral Professional - SQL Injection
CVE-2024-49305 (CRITICAL, CVSS 9.3): WPFactory Email Verification <2.8.10 - SQL Injection
CVE-2024-49299 (HIGH, CVSS 7.6): Surfer <= 1.5.0.502 - SQL Injection
CVE-2024-49297 (HIGH, CVSS 8.5): Zoho CRM Lead Magnet <1.7.9.0 - SQL Injection
CVE-2024-49246 (CRITICAL, CVSS 9.3): Ajax Rating with Custom Login <1.1 - SQL Injection
CVE-2024-49244 (HIGH, CVSS 8.5): CSV Product Import Export for WooCommerce <1.0.0 - SQL Injection
CVE-2024-47312 (HIGH, CVSS 8.5): WPGrim Classic Editor & Classic Widgets <1.4.1 - SQL Injection
CVE-2024-47304 (HIGH, CVSS 8.5): Fluent Support <1.8.0 - SQL Injection
CVE-2024-10072 (MEDIUM, CVSS 6.3): ESAFENET CDG 5 - SQL Injection via EncryptPolicyService.java checklist Parameter
CVE-2024-10071 (MEDIUM, CVSS 6.3): ESAFENET CDG 5 - SQL Injection via encryptPolicyId Parameter in EncryptPolicyService
CVE-2024-10070 (MEDIUM, CVSS 6.3): ESAFENET CDG 5 - SQL Injection via PolicyPushControlAction policyId Parameter
CVE-2024-10069 (MEDIUM, CVSS 6.3): ESAFENET CDG 5 - SQL Injection via MailDecryptApplicationService id Parameter
CVE-2024-48043 (HIGH, CVSS 7.6): ShortPixel Image Optimizer <5.6.3 - SQL Injection
CVE-2024-45767 (MEDIUM, CVSS 4.3): Dell OpenManage Enterprise < 4.2.0 - SQL Injection
CVE-2024-38814 (HIGH, CVSS 8.8): VMware HCX >=4.8.0 <4.8.2 - Authenticated SQL Injection and Remote Code Execution
CVE-2024-10024 (MEDIUM, CVSS 6.3): Pharmacy Management System 1.0 - SQL Injection
CVE-2024-10023 (MEDIUM, CVSS 6.3): Pharmacy Management System 1.0 - SQL Injection
CVE-2024-10022 (MEDIUM, CVSS 6.3): Pharmacy Management System 1.0 - SQL Injection
CVE-2024-10021 (MEDIUM, CVSS 6.3): Pharmacy Management System 1.0 - SQL Injection
CVE-2024-48411 (CRITICAL, CVSS 9.8): Online Tours and Travels Management System 1.0 - SQL Injection via Forget Password Email Parameter
CVE-2024-35584 (HIGH, CVSS 8.8): OpenSis Community Edition 8.0-9.1 - Authenticated SQL Injection via X-Forwarded-For Header
CVE-2024-9986 (HIGH, CVSS 7.3): Blood Bank Management System 1.0 - SQL Injection
CVE-2024-48283 (CRITICAL, CVSS 9.8): Phpgurukul User Registration & Login and User Management System 3.2 - SQL Injection via Search Key Parameter