CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,669 vulnerabilities with CWE-89
CVE-2024-48282 HIGH
PHPGurukul User Registration & Login System 3.2 - SQL Injection via Password Recovery
CVSS 7.6
CVE-2024-48280 HIGH
PHPGurukul User Registration & Login and User Management System 3.2 - SQL Injection via fromdate Parameter
CVSS 7.6
CVE-2024-9976 MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-9974 MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection
CVSS 6.3
CVE-2024-9973 MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection
CVSS 6.3
CVE-2024-9925 CRITICAL
TAI Smart Factory QPLANT SF 1.0 - SQL Injection via RequestPasswordChange Email Parameter
CVSS 9.8
CVE-2024-9982 CRITICAL
AIM LINE Marketing Platform - SQL Injection
CVSS 9.8
CVE-2024-9980 HIGH
FormosaSoft ee-class < 2024-03-26 - Authenticated SQL Injection via Page Parameter
CVSS 8.8
CVE-2024-9972 CRITICAL
Property Management System from ChanGate - SQL Injection
CVSS 9.8
CVE-2024-9971 HIGH
FlowMaster BPM Plus - SQL Injection
CVSS 8.8
CVE-2024-9968 HIGH
NewType WebEIP - Authenticated SQL Injection
CVSS 8.8
CVE-2024-46535 CRITICAL
Jepaas v7.2.8 - SQL Injection via orderSQL Parameter
CVSS 9.8
CVE-2024-48259 HIGH
Cloudlog 2.6.15 - SQL Injection via Oqrs.php Request Form
CVSS 7.3
CVE-2024-48257 CRITICAL
Wavelog 1.8.5 - SQL Injection via Oqrs_model.php get_worked_modes station_id
CVSS 9.8
CVE-2024-48251 CRITICAL
Wavelog 1.8.5 - SQL Injection via Activated_gridmap_model.php get_band_confirmed Parameters
CVSS 9.8
CVE-2024-48249 HIGH
Wavelog 1.8.5 - SQL Injection via Gridmap_model.php get_band_confirmed Parameters
CVSS 7.3
CVE-2024-48255 CRITICAL
Cloudlog 2.6.15 - SQL Injection via Oqrs.php get_station_info station_id Parameter
CVSS 9.8
CVE-2024-48253 CRITICAL
Cloudlog 2.6.15 - SQL Injection via Oqrs.php delete_oqrs_line id Parameter
CVSS 9.8
CVE-2024-9921 CRITICAL
Team+ Pro 13.5.0-13.9.9 - Unauthenticated SQL Injection via Page Parameter
CVSS 9.8
CVE-2024-7099 CRITICAL
qanything 1.4.1 - SQL Injection via Unsafe User Input Concatenation
CVSS 9.8
CVE-2024-9918 MEDIUM
usualtoolcms - SQL Injection via sql Parameter in RunSql Function
CVSS 4.7
CVE-2024-9905 MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via Inventory ID Parameter
CVSS 6.3
CVE-2024-9894 MEDIUM
Blood Bank System 1.0 - SQL Injection via reset.php useremail Parameter
CVSS 6.3
CVE-2024-8757 HIGH
WP Post Author <3.8.1 - SQL Injection
CVSS 7.2
CVE-2024-45754 HIGH
Centreon BI Server <24.04.3,23.10.8,23.04.11,22.10.11 - Authenticat...
CVSS 7.2