CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,669 vulnerabilities with CWE-89
CVE-2024-10133
MEDIUM
ESAFENET CDG 5 - SQL Injection via updateNetSecPolicyPriority Function
CVSS 6.3
CVE-2024-10129
MEDIUM
HFO4 shudong-share <2.4.7 - SQL Injection
CVSS 6.3
CVE-2024-47487
HIGH
HikCentral Professional - SQL Injection
CVSS 8.8
CVE-2024-49305
CRITICAL
WPFactory Email Verification <2.8.10 - SQL Injection
CVSS 9.3
CVE-2024-49299
HIGH
Surfer <= 1.5.0.502 - SQL Injection
CVSS 7.6
CVE-2024-49297
HIGH
Zoho CRM Lead Magnet <1.7.9.0 - SQL Injection
CVSS 8.5
CVE-2024-49246
CRITICAL
Ajax Rating with Custom Login <1.1 - SQL Injection
CVSS 9.3
CVE-2024-49244
HIGH
CSV Product Import Export for WooCommerce <1.0.0 - SQL Injection
CVSS 8.5
CVE-2024-47312
HIGH
WPGrim Classic Editor & Classic Widgets <1.4.1 - SQL Injection
CVSS 8.5
CVE-2024-47304
HIGH
Fluent Support <1.8.0 - SQL Injection
CVSS 8.5
CVE-2024-10072
MEDIUM
ESAFENET CDG 5 - SQL Injection via EncryptPolicyService.java checklist Parameter
CVSS 6.3
CVE-2024-10071
MEDIUM
ESAFENET CDG 5 - SQL Injection via encryptPolicyId Parameter in EncryptPolicyService
CVSS 6.3
CVE-2024-10070
MEDIUM
ESAFENET CDG 5 - SQL Injection via PolicyPushControlAction policyId Parameter
CVSS 6.3
CVE-2024-10069
MEDIUM
ESAFENET CDG 5 - SQL Injection via MailDecryptApplicationService id Parameter
CVSS 6.3
CVE-2024-48043
HIGH
ShortPixel Image Optimizer <5.6.3 - SQL Injection
CVSS 7.6
CVE-2024-45767
MEDIUM
Dell OpenManage Enterprise < 4.2.0 - SQL Injection
CVSS 4.3
CVE-2024-38814
HIGH
VMware HCX >=4.8.0 <4.8.2 - Authenticated SQL Injection and Remote Code Execution
CVSS 8.8
CVE-2024-10024
MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10023
MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10022
MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-10021
MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-48411
CRITICAL
Online Tours and Travels Management System 1.0 - SQL Injection via Forget Password Email Parameter
CVSS 9.8
CVE-2024-35584
HIGH
OpenSis Community Edition 8.0-9.1 - Authenticated SQL Injection via X-Forwarded-For Header
CVSS 8.8
CVE-2024-9986
HIGH
Blood Bank Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-48283
CRITICAL
Phpgurukul User Registration & Login and User Management System 3.2 - SQL Injection via Search Key Parameter
CVSS 9.8
Details
Vulnerabilities: 19,669
Exploit Likelihood: High