CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,680 vulnerabilities with CWE-89
CVE-2024-9315
MEDIUM
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via id Parameter
CVSS 6.3
CVE-2024-9296
HIGH
Advocate Office Management System 1.0 - SQL Injection via /control/forgot_pass.php Username Parameter
CVSS 7.3
CVE-2024-9295
HIGH
Advocate Office Management System 1.0 - SQL Injection via Username Parameter in Login
CVSS 7.3
CVE-2024-9294
MEDIUM
dingfanzu CMS <29d67d9044f6f93378e6eb6ff92272217ff7225c - SQL Injec...
CVSS 6.3
CVE-2024-9293
MEDIUM
skyselang yyladmin < 3.0 - SQL Injection via is_disable Argument
CVSS 6.3
CVE-2024-46257
MEDIUM
NginxProxyManager 2.11.3 - Remote Code Execution via Let's Encrypt Certificate Request
CVSS 6.3
CVE-2024-8630
CRITICAL
Alisonic Sibylla Firmware - SQL Injection
CVSS 9.4
CVE-2024-46472
HIGH
CodeAstro Membership Management System 1.0 - SQL Injection via Login Page Email Parameter
CVSS 8.6
CVE-2024-3373
CRITICAL
RSM Design Website Template <1.2 - SQL Injection
CVE-2024-8607
CRITICAL
Oceanic Software ValeApp <2.0.0 - SQL Injection
CVSS 9.8
CVE-2024-9130
HIGH
GiveWP - Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated Time-Based SQL Injection via Order Parameter
CVSS 7.2
CVE-2024-8275
CRITICAL
The Events Calendar <6.6.4 - SQL Injection
CVSS 9.8
CVE-2024-7385
CRITICAL
WordPress Simple HTML Sitemap <= 3.1 - Authenticated SQL Injection via 'id' Parameter
CVSS 9.1
CVE-2024-8621
CRITICAL
Daily Prayer Time plugin <2024.08.26 - SQL Injection
CVSS 9.9
CVE-2024-8484
HIGH
REST API TO MiniProgram < 4.7.1 - Unauthenticated SQL Injection via Order Parameter
CVSS 7.5
CVE-2024-8877
CRITICAL
Riello Netman 204 Firmware <= 4.05 - SQL Injection in Measurement Data SQLite Database
CVSS 9.8
CVE-2024-8436
CRITICAL
WP Easy Gallery - WordPress Gallery Plugin <4.8.5 - SQL Injection
CVSS 9.9
CVE-2024-8624
CRITICAL
MDTF - WordPress <1.3.3.3 - SQL Injection
CVSS 9.9
CVE-2024-39843
MEDIUM
Centreon 24.04.2 - Authenticated SQL Injection via Create User Form
CVSS 6.7
CVE-2024-39842
HIGH
Centreon 24.04.2 - Authenticated SQL Injection via User Massive Changes Inputs
CVSS 7.2
CVE-2024-7735
CRITICAL
Exnet Informatics Software Ferry Reservation System <240805-002 - S...
CVE-2024-9094
MEDIUM
code-projects Blood Bank System 1.0 - SQL Injection via bloodname Parameter
CVSS 6.3
CVE-2024-9093
MEDIUM
SourceCodester Profile Registration without Reload Refresh 1.0 - SQL Injection via del.php GET Parameter
CVSS 6.3
CVE-2024-9091
HIGH
code-projects Student Record System 1.0 - SQL Injection via regno Parameter
CVSS 7.3
CVE-2024-9090
MEDIUM
Modern Loan Management System 1.0 - SQL Injection via search_member.php searchMember Parameter
CVSS 6.3
Details
Vulnerabilities: 19,680
Exploit Likelihood: High