CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,680 vulnerabilities with CWE-89
CVE-2024-8945 MEDIUM
RISE Ultimate Project Manager 3.7.0 - SQL Injection via Dashboard Save ID Parameter
CVSS 5.5
CVE-2024-8944 HIGH
Hospital Management System 1.0 - SQL Injection via check_availability.php Email Parameter
CVSS 7.3
CVE-2024-6401 CRITICAL
SFS Consulting InsureE GL <4.6.2 - SQL Injection
CVSS 9.8
CVE-2024-8868 HIGH
code-projects Crud Operation System 1.0 - SQL Injection via savedata.php sname Argument
CVSS 7.3
CVE-2024-8669 CRITICAL
Backuply WordPress <1.3.4 - SQL Injection
CVSS 9.1
CVE-2024-44430 CRITICAL
Best Free Law Office Management Software 1.0 - SQL Injection via kortex_lite/control/register_case.php
CVSS 9.8
CVE-2024-8784 MEDIUM
QDocs Smart School Management System 7.0.0 - SQL Injection
CVSS 6.3
CVE-2024-6723 MEDIUM
AI Engine WordPress <2.4.8 - SQL Injection
CVSS 4.7
CVE-2024-8762 MEDIUM
Code-projects Crud Operation System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-34334 HIGH
ORDAT FOSS-Online <v2.24.01 - SQL Injection
CVSS 7.5
CVE-2024-8749 HIGH
i-doit pro 28 - SQL Injection via ID Parameter in cmdb_objects_by_relation.class.php
CVSS 8.8
CVE-2024-8529 CRITICAL
WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)
CVSS 10.0
CVE-2024-8522 CRITICAL
LearnPress - WordPress LMS Plugin <4.2.7 - SQL Injection
CVSS 10.0
CVE-2024-7766 HIGH
Adicon Server < 1.2 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-8710 MEDIUM
code-projects Inventory Management 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8709 MEDIUM
SourceCodester Best House Rental Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-34785 HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34783 HIGH
Ivanti Endpoint Manager < 2022 SU6 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34779 HIGH
Ivanti Endpoint Manager < 2022 SU6 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32848 HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32846 HIGH
Ivanti Endpoint Manager < 2022 SU6 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32845 HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32843 HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32842 HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32840 HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2