CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,680 vulnerabilities with CWE-89
CVE-2024-9087
HIGH
Vehicle Management 1.0 - SQL Injection via sno Parameter in edit1.php
CVSS 7.3
CVE-2024-9086
MEDIUM
code-projects Restaurant Reservation System 1.0 - SQL Injection via filter.php from/to Parameters
CVSS 6.3
CVE-2024-9085
HIGH
code-projects Restaurant Reservation System 1.0 - SQL Injection via Date Parameter
CVSS 7.3
CVE-2024-9081
MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via view_category.php id Parameter
CVSS 6.3
CVE-2024-9080
HIGH
code-projects Student Record System 1.0 - SQL Injection via Pincode Parameter
CVSS 7.3
CVE-2024-9079
HIGH
code-projects Student Record System 1.0 - SQL Injection via marks.php coursename Parameter
CVSS 7.3
CVE-2024-9078
HIGH
code-projects Student Record System 1.0 - SQL Injection via coursename Parameter
CVSS 7.3
CVE-2024-47062
HIGH
Navidrome - ORM Leak, SQL Injection
CVSS 8.8
CVE-2024-9041
MEDIUM
Best House Rental Management System 1.0 - SQL Injection via update_account firstname/lastname/email Parameters
CVSS 6.3
CVE-2024-9039
HIGH
Best House Rental Management System 1.0 - SQL Injection via Signup Firstname/Lastname/Email Parameters
CVSS 7.3
CVE-2024-9037
HIGH
Codezips Internal Marks Calculation 1.0 - SQL Injection via tid Parameter in index.php
CVSS 7.3
CVE-2024-9035
HIGH
Blood Bank Management System 1.0 - SQL Injection via Admin Login Username/Password Parameter
CVSS 7.3
CVE-2024-9034
HIGH
code-projects Patient Record Management System 1.0 - SQL Injection via login.php Username Parameter
CVSS 7.3
CVE-2024-9011
MEDIUM
code-projects Crud Operation System 1.0 - SQL Injection via updata.php sid Parameter
CVSS 6.3
CVE-2024-9009
MEDIUM
Online Quiz Site 1.0 - SQL Injection via showtest.php subid Parameter
CVSS 6.3
CVE-2024-9008
MEDIUM
Best Online News Portal 1.0 - SQL Injection via Comment Section Name Parameter
CVSS 6.3
CVE-2024-46382
HIGH
linlinjava litemall 1.8.0 - SQL Injection via goodsId, goodsSn, and name Parameters
CVSS 7.5
CVE-2024-46374
CRITICAL
Best House Rental Management System 1.0 - SQL Injection in delete_category() Function
CVSS 9.8
CVE-2024-5958
HIGH
Eliz Software Panel < 2.3.24 - SQL Injection
CVSS 8.8
CVE-2024-44542
CRITICAL
todesk 1.1 - SQL Injection via News Parameter
CVSS 9.8
CVE-2024-42404
HIGH
Welcart e-Commerce <2.11.2 - SQL Injection
CVSS 8.8
CVE-2024-44004
CRITICAL
WPCargo Track & Trace <= 8.0.2 - SQL Injection
CVSS 9.3
CVE-2024-43978
CRITICAL
Super Store Finder < 6.9.8 - SQL Injection
CVSS 9.3
CVE-2024-43976
CRITICAL
Super Store Finder <= 6.9.7 - SQL Injection
CVSS 9.3
CVE-2024-43969
HIGH
Spiffy Calendar <4.9.12 - SQL Injection
CVSS 7.6
Details
Vulnerabilities: 19,680
Exploit Likelihood: High