CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,680 vulnerabilities with CWE-89
CVE-2024-9797
HIGH
code-projects Blood Bank System 1.0 - SQL Injection via register.php User Parameter
CVSS 7.3
CVE-2024-9790
MEDIUM
lylme_spage 1.9.5 - SQL Injection via /admin/sou.php id Parameter
CVSS 4.7
CVE-2024-9789
MEDIUM
LyLme_spage 1.9.5 - SQL Injection via id Parameter in admin/apply.php
CVSS 4.7
CVE-2024-9788
MEDIUM
LyLme_spage 1.9.5 - SQL Injection via Admin Tag ID Parameter
CVSS 4.7
CVE-2024-4658
MEDIUM
TE Informatics Nova CMS <5.0 - SQL Injection
CVE-2024-9201
CRITICAL
seur < 2.5.11 - Time-Based SQL Injection via id_order Parameter
CVSS 9.4
CVE-2024-9796
CRITICAL
WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection via t Parameter
CVSS 9.8
CVE-2024-9156
HIGH
TI WooCommerce Wishlist < 2.8.2 - Unauthenticated SQL Injection via User-Supplied Parameter
CVSS 7.5
CVE-2024-9022
HIGH
TS Poll < 2.4.0 - Authenticated SQL Injection via Orderby Parameter
CVSS 7.2
CVE-2024-9465
CRITICAL
KEV
Palo Alto Networks Expedition 1.2.0-1.2.95 - Unauthenticated SQL Injection and Arbitrary File Write
CVSS 9.1
CVE-2024-9286
HIGH
TRtek Software Distant Education Platform <3.2024.11 - SQL Injection
CVE-2024-47334
HIGH
Zoho Flow for WordPress <= 2.7.1 - SQL Injection
CVSS 7.6
CVE-2024-43468
CRITICAL
KEV
Microsoft Configuration Manager 2403, 2409, 2503 - Remote Code Execution
CVSS 9.8
CVE-2024-9379
MEDIUM
KEV
Ivanti Endpoint Manager Cloud Services Appliance < 5.0.2 - Authenticated SQL Injection in Admin Web Console
CVSS 6.5
CVE-2024-45918
CRITICAL
Fujian Kelixin Communication Command - SQL Injection
CVSS 9.8
CVE-2024-44349
CRITICAL
AnteeoWMS < 4.7.34 - Unauthenticated SQL Injection via Login Username Parameter
CVSS 9.8
CVE-2024-8911
CRITICAL
LatePoint Plugin <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection
CVSS 9.8
CVE-2024-9574
CRITICAL
SOPlanning < 1.45 - SQL Injection via User Groupes Page by Parameter
CVSS 9.8
CVE-2024-9573
MEDIUM
soplanning < 1.45 - SQL Injection via Groupe List by Parameter
CVSS 6.3
CVE-2024-47335
HIGH
Bit Form - Contact Form Plugin <2.13.11 - SQL Injection
CVSS 7.6
CVE-2024-9560
MEDIUM
ESAFENET CDG V5 - SQL Injection via delCatelogs Function
CVSS 6.3
CVE-2024-47350
CRITICAL
YITH WooCommerce Ajax Search <2.8.0 - SQL Injection
CVSS 9.3
CVE-2024-47338
HIGH
WPExperts Square For GiveWP <1.3 - SQL Injection
CVSS 8.5
CVE-2024-45249
CRITICAL
Cavok < 4.6.11 - SQL Injection
CVSS 9.8
CVE-2024-9536
MEDIUM
ESAFENET CDG V5 - SQL Injection via MultiServerBackService fileId Parameter
CVSS 6.3
Details
Vulnerabilities: 19,680
Exploit Likelihood: High