CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,680 vulnerabilities with CWE-89
CVE-2024-9087 HIGH
Vehicle Management 1.0 - SQL Injection via sno Parameter in edit1.php
CVSS 7.3
CVE-2024-9086 MEDIUM
code-projects Restaurant Reservation System 1.0 - SQL Injection via filter.php from/to Parameters
CVSS 6.3
CVE-2024-9085 HIGH
code-projects Restaurant Reservation System 1.0 - SQL Injection via Date Parameter
CVSS 7.3
CVE-2024-9081 MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via view_category.php id Parameter
CVSS 6.3
CVE-2024-9080 HIGH
code-projects Student Record System 1.0 - SQL Injection via Pincode Parameter
CVSS 7.3
CVE-2024-9079 HIGH
code-projects Student Record System 1.0 - SQL Injection via marks.php coursename Parameter
CVSS 7.3
CVE-2024-9078 HIGH
code-projects Student Record System 1.0 - SQL Injection via coursename Parameter
CVSS 7.3
CVE-2024-47062 HIGH
Navidrome - ORM Leak, SQL Injection
CVSS 8.8
CVE-2024-9041 MEDIUM
Best House Rental Management System 1.0 - SQL Injection via update_account firstname/lastname/email Parameters
CVSS 6.3
CVE-2024-9039 HIGH
Best House Rental Management System 1.0 - SQL Injection via Signup Firstname/Lastname/Email Parameters
CVSS 7.3
CVE-2024-9037 HIGH
Codezips Internal Marks Calculation 1.0 - SQL Injection via tid Parameter in index.php
CVSS 7.3
CVE-2024-9035 HIGH
Blood Bank Management System 1.0 - SQL Injection via Admin Login Username/Password Parameter
CVSS 7.3
CVE-2024-9034 HIGH
code-projects Patient Record Management System 1.0 - SQL Injection via login.php Username Parameter
CVSS 7.3
CVE-2024-9011 MEDIUM
code-projects Crud Operation System 1.0 - SQL Injection via updata.php sid Parameter
CVSS 6.3
CVE-2024-9009 MEDIUM
Online Quiz Site 1.0 - SQL Injection via showtest.php subid Parameter
CVSS 6.3
CVE-2024-9008 MEDIUM
Best Online News Portal 1.0 - SQL Injection via Comment Section Name Parameter
CVSS 6.3
CVE-2024-46382 HIGH
linlinjava litemall 1.8.0 - SQL Injection via goodsId, goodsSn, and name Parameters
CVSS 7.5
CVE-2024-46374 CRITICAL
Best House Rental Management System 1.0 - SQL Injection in delete_category() Function
CVSS 9.8
CVE-2024-5958 HIGH
Eliz Software Panel < 2.3.24 - SQL Injection
CVSS 8.8
CVE-2024-44542 CRITICAL
todesk 1.1 - SQL Injection via News Parameter
CVSS 9.8
CVE-2024-42404 HIGH
Welcart e-Commerce <2.11.2 - SQL Injection
CVSS 8.8
CVE-2024-44004 CRITICAL
WPCargo Track & Trace <= 8.0.2 - SQL Injection
CVSS 9.3
CVE-2024-43978 CRITICAL
Super Store Finder < 6.9.8 - SQL Injection
CVSS 9.3
CVE-2024-43976 CRITICAL
Super Store Finder <= 6.9.7 - SQL Injection
CVSS 9.3
CVE-2024-43969 HIGH
Spiffy Calendar <4.9.12 - SQL Injection
CVSS 7.6