CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,669 vulnerabilities with CWE-89
CVE-2024-48040
HIGH
tainacan Tainacan <= 0.21.8 - SQL Injection
CVSS 8.5
CVE-2024-48020
HIGH
Revmakx Backup & Staging <1.22.21 - SQL Injection
CVSS 8.5
CVE-2024-47331
CRITICAL
NinjaTeam Multi Step for Contact Form <2.7.7 - SQL Injection
CVSS 9.3
CVE-2024-46532
CRITICAL
OpenHIS 1.0 - SQL Injection via PayController Refund Function
CVSS 9.8
CVE-2024-48813
HIGH
employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 - SQL Injection via admin_id Parameter
CVSS 8.8
CVE-2024-9818
HIGH
SourceCodester Online Veterinary Appointment System 1.0 - SQL Injection via manage_category.php id Parameter
CVSS 7.3
CVE-2024-9817
MEDIUM
Blood Bank System 1.0 - SQL Injection via /update.php Name Parameter
CVSS 6.3
CVE-2024-9814
HIGH
Codezips Pharmacy Management System 1.0 - SQL Injection via product/update.php id Parameter
CVSS 7.3
CVE-2024-9813
HIGH
Codezips Pharmacy Management System 1.0 - SQL Injection via product/register.php category parameter
CVSS 7.3
CVE-2024-9812
HIGH
code-projects Crud Operation System 1.0 - SQL Injection via delete.php sid Parameter
CVSS 7.3
CVE-2024-9811
HIGH
code-projects Restaurant Reservation System 1.0 - SQL Injection via company Argument in filter3.php
CVSS 7.3
CVE-2024-9809
MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via Master.php delete_product id Parameter
CVSS 6.3
CVE-2024-9808
MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via /admin/?page=products/view_product id Parameter
CVSS 6.3
CVE-2024-9804
MEDIUM
code-projects Blood Bank System 1.0 - SQL Injection via Hospital Parameter
CVSS 4.7
CVE-2024-9797
HIGH
code-projects Blood Bank System 1.0 - SQL Injection via register.php User Parameter
CVSS 7.3
CVE-2024-9790
MEDIUM
lylme_spage 1.9.5 - SQL Injection via /admin/sou.php id Parameter
CVSS 4.7
CVE-2024-9789
MEDIUM
LyLme_spage 1.9.5 - SQL Injection via id Parameter in admin/apply.php
CVSS 4.7
CVE-2024-9788
MEDIUM
LyLme_spage 1.9.5 - SQL Injection via Admin Tag ID Parameter
CVSS 4.7
CVE-2024-4658
MEDIUM
TE Informatics Nova CMS <5.0 - SQL Injection
CVE-2024-9201
CRITICAL
seur < 2.5.11 - Time-Based SQL Injection via id_order Parameter
CVSS 9.4
CVE-2024-9796
CRITICAL
WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection via t Parameter
CVSS 9.8
CVE-2024-9156
HIGH
TI WooCommerce Wishlist < 2.8.2 - Unauthenticated SQL Injection via User-Supplied Parameter
CVSS 7.5
CVE-2024-9022
HIGH
TS Poll < 2.4.0 - Authenticated SQL Injection via Orderby Parameter
CVSS 7.2
CVE-2024-9465
CRITICAL
KEV
Palo Alto Networks Expedition 1.2.0-1.2.95 - Unauthenticated SQL Injection and Arbitrary File Write
CVSS 9.1
CVE-2024-9286
HIGH
TRtek Software Distant Education Platform <3.2024.11 - SQL Injection