CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,669 vulnerabilities with CWE-89
CVE-2024-48282
HIGH
PHPGurukul User Registration & Login System 3.2 - SQL Injection via Password Recovery
CVSS 7.6
CVE-2024-48280
HIGH
PHPGurukul User Registration & Login and User Management System 3.2 - SQL Injection via fromdate Parameter
CVSS 7.6
CVE-2024-9976
MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-9974
MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection
CVSS 6.3
CVE-2024-9973
MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection
CVSS 6.3
CVE-2024-9925
CRITICAL
TAI Smart Factory QPLANT SF 1.0 - SQL Injection via RequestPasswordChange Email Parameter
CVSS 9.8
CVE-2024-9982
CRITICAL
AIM LINE Marketing Platform - SQL Injection
CVSS 9.8
CVE-2024-9980
HIGH
FormosaSoft ee-class < 2024-03-26 - Authenticated SQL Injection via Page Parameter
CVSS 8.8
CVE-2024-9972
CRITICAL
Property Management System from ChanGate - SQL Injection
CVSS 9.8
CVE-2024-9971
HIGH
FlowMaster BPM Plus - SQL Injection
CVSS 8.8
CVE-2024-9968
HIGH
NewType WebEIP - Authenticated SQL Injection
CVSS 8.8
CVE-2024-46535
CRITICAL
Jepaas v7.2.8 - SQL Injection via orderSQL Parameter
CVSS 9.8
CVE-2024-48259
HIGH
Cloudlog 2.6.15 - SQL Injection via Oqrs.php Request Form
CVSS 7.3
CVE-2024-48257
CRITICAL
Wavelog 1.8.5 - SQL Injection via Oqrs_model.php get_worked_modes station_id
CVSS 9.8
CVE-2024-48251
CRITICAL
Wavelog 1.8.5 - SQL Injection via Activated_gridmap_model.php get_band_confirmed Parameters
CVSS 9.8
CVE-2024-48249
HIGH
Wavelog 1.8.5 - SQL Injection via Gridmap_model.php get_band_confirmed Parameters
CVSS 7.3
CVE-2024-48255
CRITICAL
Cloudlog 2.6.15 - SQL Injection via Oqrs.php get_station_info station_id Parameter
CVSS 9.8
CVE-2024-48253
CRITICAL
Cloudlog 2.6.15 - SQL Injection via Oqrs.php delete_oqrs_line id Parameter
CVSS 9.8
CVE-2024-9921
CRITICAL
Team+ Pro 13.5.0-13.9.9 - Unauthenticated SQL Injection via Page Parameter
CVSS 9.8
CVE-2024-7099
CRITICAL
qanything 1.4.1 - SQL Injection via Unsafe User Input Concatenation
CVSS 9.8
CVE-2024-9918
MEDIUM
usualtoolcms - SQL Injection via sql Parameter in RunSql Function
CVSS 4.7
CVE-2024-9905
MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via Inventory ID Parameter
CVSS 6.3
CVE-2024-9894
MEDIUM
Blood Bank System 1.0 - SQL Injection via reset.php useremail Parameter
CVSS 6.3
CVE-2024-8757
HIGH
WP Post Author <3.8.1 - SQL Injection
CVSS 7.2
CVE-2024-45754
HIGH
Centreon BI Server <24.04.3,23.10.8,23.04.11,22.10.11 - Authenticat...
CVSS 7.2