CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,692 vulnerabilities with CWE-89
CVE-2024-7766 HIGH
Adicon Server < 1.2 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-8710 MEDIUM
code-projects Inventory Management 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8709 MEDIUM
SourceCodester Best House Rental Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-34785 HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34783 HIGH
Ivanti Endpoint Manager < 2022 SU6 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34779 HIGH
Ivanti Endpoint Manager < 2022 SU6 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32848 HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32846 HIGH
Ivanti Endpoint Manager < 2022 SU6 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32845 HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32843 HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32842 HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32840 HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-8705 MEDIUM
Shandong Star Measurement and Control Equipment Heating Network Wir...
CVSS 6.3
CVE-2024-44541 CRITICAL
evilnapsis Inventio Lite <v4 - SQL Injection
CVSS 9.8
CVE-2024-42760 HIGH
Ellevo <6.2.0.38160 - Info Disclosure
CVSS 7.5
CVE-2024-27112 CRITICAL
SO Planning <1.52.02 - SQL Injection
CVSS 9.8
CVE-2024-8191 HIGH
Ivanti EPM <2022 SU6-2024 September - RCE
CVSS 7.8
CVE-2024-8503 CRITICAL
VICIdial Authenticated Remote Code Execution
CVSS 9.8
CVE-2024-43040 CRITICAL
Renwoxing Enterprise Intelligent Management System <3.0 - SQL Injection
CVSS 9.1
CVE-2024-8611 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6795 CRITICAL
Connex health portal <8/30/2024 - SQL Injection
CVSS 10.0
CVE-2024-44725 HIGH
AutoCMS v5.4 - SQL Injection via Sidebar Parameter
CVSS 7.2
CVE-2024-8570 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6928 CRITICAL
Opti Marketing WordPress Plugin < 2.0.9 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2024-6924 CRITICAL
TrueBooker < 1.0.2 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8