CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit likelihood: High

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,669 vulnerabilities with CWE-89
CVE ID          Severity      CVSS  Title
CVE-2024-48040  HIGH          8.5   tainacan Tainacan <= 0.21.8 - SQL Injection
CVE-2024-48020  HIGH          8.5   Revmakx Backup & Staging <1.22.21 - SQL Injection
CVE-2024-47331  CRITICAL      9.3   NinjaTeam Multi Step for Contact Form <2.7.7 - SQL Injection
CVE-2024-46532  CRITICAL      9.8   OpenHIS 1.0 - SQL Injection via PayController Refund Function
CVE-2024-48813  HIGH          8.8   employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 - SQL Injection via admin_id Parameter
CVE-2024-9818   HIGH          7.3   SourceCodester Online Veterinary Appointment System 1.0 - SQL Injection via manage_category.php id Parameter
CVE-2024-9817   MEDIUM        6.3   Blood Bank System 1.0 - SQL Injection via /update.php Name Parameter
CVE-2024-9814   HIGH          7.3   Codezips Pharmacy Management System 1.0 - SQL Injection via product/update.php id Parameter
CVE-2024-9813   HIGH          7.3   Codezips Pharmacy Management System 1.0 - SQL Injection via product/register.php category Parameter
CVE-2024-9812   HIGH          7.3   code-projects Crud Operation System 1.0 - SQL Injection via delete.php sid Parameter
CVE-2024-9811   HIGH          7.3   code-projects Restaurant Reservation System 1.0 - SQL Injection via company Argument in filter3.php
CVE-2024-9809   MEDIUM        6.3   SourceCodester Online Eyewear Shop 1.0 - SQL Injection via Master.php delete_product id Parameter
CVE-2024-9808   MEDIUM        6.3   SourceCodester Online Eyewear Shop 1.0 - SQL Injection via /admin/?page=products/view_product id Parameter
CVE-2024-9804   MEDIUM        4.7   code-projects Blood Bank System 1.0 - SQL Injection via Hospital Parameter
CVE-2024-9797   HIGH          7.3   code-projects Blood Bank System 1.0 - SQL Injection via register.php User Parameter
CVE-2024-9790   MEDIUM        4.7   lylme_spage 1.9.5 - SQL Injection via /admin/sou.php id Parameter
CVE-2024-9789   MEDIUM        4.7   LyLme_spage 1.9.5 - SQL Injection via id Parameter in admin/apply.php
CVE-2024-9788   MEDIUM        4.7   LyLme_spage 1.9.5 - SQL Injection via Admin Tag ID Parameter
CVE-2024-4658   MEDIUM        -     TE Informatics Nova CMS <5.0 - SQL Injection
CVE-2024-9201   CRITICAL      9.4   seur < 2.5.11 - Time-Based SQL Injection via id_order Parameter
CVE-2024-9796   CRITICAL      9.8   WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection via t Parameter
CVE-2024-9156   HIGH          7.5   TI WooCommerce Wishlist < 2.8.2 - Unauthenticated SQL Injection via User-Supplied Parameter
CVE-2024-9022   HIGH          7.2   TS Poll < 2.4.0 - Authenticated SQL Injection via Orderby Parameter
CVE-2024-9465   CRITICAL KEV  9.1   Palo Alto Networks Expedition 1.2.0-1.2.95 - Unauthenticated SQL Injection and Arbitrary File Write
CVE-2024-9286   HIGH          -     TRtek Software Distant Education Platform <3.2024.11 - SQL Injection