CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit likelihood: High

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,680 vulnerabilities are mapped to CWE-89. The entries below are a selection from that set (CVE ID | severity | CVSS score | title):

CVE-2024-47849 | CRITICAL | CVSS 9.8 | Mediawiki - Cargo <3.6.1 - SQL Injection
CVE-2024-47911 | MEDIUM | CVSS 6.7 | SonarQube 10.4-10.5 - Authenticated Blind SQL Injection via Authorizations Group-Memberships API
CVE-2024-7801 | MEDIUM | CVSS 6.5 | Microchip TimeProvider 4100 Firmware 1.0-2.4.6 - Unauthenticated SQL Injection
CVE-2024-46078 | HIGH | CVSS 7.5 | itsourcecode Sports Management System Project 1.0 - SQL Injection via player.php id Argument
CVE-2024-41512 | HIGH | CVSS 8.8 | CADClick v.1.11.0 and before - SQL Injection via ccHandler.aspx bomid Parameter
CVE-2024-43699 | CRITICAL | CVSS 9.8 | Delta Electronics DIAEnergie < 1.10.01.008 - Unauthenticated SQL Injection via AM_RegReport.aspx
CVE-2024-42417 | HIGH | CVSS 8.8 | Delta Electronics DIAEnergie - SQL Injection
CVE-2024-9460 | HIGH | CVSS 7.3 | Codezips Online Shopping Portal 1.0 - SQL Injection via Username Parameter
CVE-2024-46626 | HIGH | CVSS 8.8 | OS4ED openSIS-Classic 9.1 - SQL Injection via Crafted Payload
CVE-2024-9429 | MEDIUM | CVSS 6.3 | code-projects Restaurant Reservation System 1.0 - SQL Injection via filter2.php from/to Parameters
CVE-2024-45999 | CRITICAL | CVSS 9.8 | Cloudlog < 2.6.15 - SQL Injection via station_id Parameter in get_station_info()
CVE-2024-9018 | HIGH | CVSS 8.8 | WP Easy Gallery < 4.8.5 - Authenticated Time-Based SQL Injection via Key Parameter
CVE-2024-9360 | HIGH | CVSS 7.3 | code-projects Restaurant Reservation System 1.0 - SQL Injection via /updatebal.php company Parameter
CVE-2024-9359 | HIGH | CVSS 7.3 | code-projects Restaurant Reservation System 1.0 - SQL Injection via /addcompany.php company Parameter
CVE-2024-9194 | CRITICAL | CVSS 9.8 | Octopus Server 2024.1.0-2024.1.13037, 2024.2.0-2024.2.9481, 2024.3.0-2024.3.12765 - SQL Injection
CVE-2024-46510 | HIGH | CVSS 7.6 | ESAFENET CDG v5 - SQL Injection via NavigationAjax id Parameter
CVE-2024-8379 | HIGH | CVSS 7.2 | Cost Calculator Builder <3.2.29 - SQL Injection
CVE-2024-9328 | MEDIUM | CVSS 6.3 | Advocate Office Management System 1.0 - SQL Injection via edit_client.php id Parameter
CVE-2024-9327 | MEDIUM | CVSS 6.3 | code-projects Blood Bank System 1.0 - SQL Injection via /forgot.php useremail Parameter
CVE-2024-9326 | HIGH | CVSS 7.3 | PHPGurukul Online Shopping Portal 2.0 - SQL Injection via Admin Panel Username Parameter
CVE-2024-9322 | MEDIUM | CVSS 6.3 | Supply Chain Management 1.0 - SQL Injection via /admin/edit_manufacturer.php id Parameter
CVE-2024-9319 | MEDIUM | CVSS 6.3 | Online Timesheet App 1.0 - SQL Injection via timesheet Parameter in delete-timesheet.php
CVE-2024-9318 | MEDIUM | CVSS 6.3 | Advocate Office Management System 1.0 - SQL Injection via /control/activate.php id Parameter
CVE-2024-9317 | MEDIUM | CVSS 6.3 | SourceCodester Online Eyewear Shop 1.0 - SQL Injection via Master.php delete_category id Parameter
CVE-2024-9316 | MEDIUM | CVSS 6.3 | code-projects Blood Bank Management System 1.0 - SQL Injection via Bloodname Parameter