CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit likelihood: High

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,680 vulnerabilities with CWE-89 (recent entries below; each line gives the CVE id, severity, a KEV flag where the entry is in CISA's Known Exploited Vulnerabilities catalog, the CVSS score where the page lists one, and the title):

CVE-2024-9797 (HIGH, CVSS 7.3): code-projects Blood Bank System 1.0 - SQL Injection via register.php User Parameter
CVE-2024-9790 (MEDIUM, CVSS 4.7): lylme_spage 1.9.5 - SQL Injection via /admin/sou.php id Parameter
CVE-2024-9789 (MEDIUM, CVSS 4.7): LyLme_spage 1.9.5 - SQL Injection via id Parameter in admin/apply.php
CVE-2024-9788 (MEDIUM, CVSS 4.7): LyLme_spage 1.9.5 - SQL Injection via Admin Tag ID Parameter
CVE-2024-4658 (MEDIUM): TE Informatics Nova CMS <5.0 - SQL Injection
CVE-2024-9201 (CRITICAL, CVSS 9.4): seur < 2.5.11 - Time-Based SQL Injection via id_order Parameter
CVE-2024-9796 (CRITICAL, CVSS 9.8): WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection via t Parameter
CVE-2024-9156 (HIGH, CVSS 7.5): TI WooCommerce Wishlist < 2.8.2 - Unauthenticated SQL Injection via User-Supplied Parameter
CVE-2024-9022 (HIGH, CVSS 7.2): TS Poll < 2.4.0 - Authenticated SQL Injection via Orderby Parameter
CVE-2024-9465 (CRITICAL, KEV, CVSS 9.1): Palo Alto Networks Expedition 1.2.0-1.2.95 - Unauthenticated SQL Injection and Arbitrary File Write
CVE-2024-9286 (HIGH): TRtek Software Distant Education Platform <3.2024.11 - SQL Injection
CVE-2024-47334 (HIGH, CVSS 7.6): Zoho Flow for WordPress <= 2.7.1 - SQL Injection
CVE-2024-43468 (CRITICAL, KEV, CVSS 9.8): Microsoft Configuration Manager 2403, 2409, 2503 - Remote Code Execution
CVE-2024-9379 (MEDIUM, KEV, CVSS 6.5): Ivanti Endpoint Manager Cloud Services Appliance < 5.0.2 - Authenticated SQL Injection in Admin Web Console
CVE-2024-45918 (CRITICAL, CVSS 9.8): Fujian Kelixin Communication Command - SQL Injection
CVE-2024-44349 (CRITICAL, CVSS 9.8): AnteeoWMS < 4.7.34 - Unauthenticated SQL Injection via Login Username Parameter
CVE-2024-8911 (CRITICAL, CVSS 9.8): LatePoint Plugin <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection
CVE-2024-9574 (CRITICAL, CVSS 9.8): SOPlanning < 1.45 - SQL Injection via User Groupes Page by Parameter
CVE-2024-9573 (MEDIUM, CVSS 6.3): soplanning < 1.45 - SQL Injection via Groupe List by Parameter
CVE-2024-47335 (HIGH, CVSS 7.6): Bit Form - Contact Form Plugin <2.13.11 - SQL Injection
CVE-2024-9560 (MEDIUM, CVSS 6.3): ESAFENET CDG V5 - SQL Injection via delCatelogs Function
CVE-2024-47350 (CRITICAL, CVSS 9.3): YITH WooCommerce Ajax Search <2.8.0 - SQL Injection
CVE-2024-47338 (HIGH, CVSS 8.5): WPExperts Square For GiveWP <1.3 - SQL Injection
CVE-2024-45249 (CRITICAL, CVSS 9.8): Cavok < 4.6.11 - SQL Injection
CVE-2024-9536 (MEDIUM, CVSS 6.3): ESAFENET CDG V5 - SQL Injection via MultiServerBackService fileId Parameter