CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,692 vulnerabilities with CWE-89
CVE-2024-7766
HIGH
Adicon Server < 1.2 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-8710
MEDIUM
code-projects Inventory Management 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8709
MEDIUM
SourceCodester Best House Rental Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-34785
HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34783
HIGH
Ivanti Endpoint Manager < 2022 SU6 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-34779
HIGH
Ivanti Endpoint Manager < 2022 SU6 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32848
HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32846
HIGH
Ivanti Endpoint Manager < 2022 SU6 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32845
HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32843
HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32842
HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-32840
HIGH
Ivanti Endpoint Manager < 2022 SU6 and 2024 < September Update - Authenticated SQL Injection
CVSS 7.2
CVE-2024-8705
MEDIUM
Shandong Star Measurement and Control Equipment Heating Network Wir...
CVSS 6.3
CVE-2024-44541
CRITICAL
evilnapsis Inventio Lite <v4 - SQL Injection
CVSS 9.8
CVE-2024-42760
HIGH
Ellevo <6.2.0.38160 - Info Disclosure
CVSS 7.5
CVE-2024-27112
CRITICAL
SO Planning <1.52.02 - SQL Injection
CVSS 9.8
CVE-2024-8191
HIGH
Ivanti EPM <2022 SU6-2024 September - RCE
CVSS 7.8
CVE-2024-8503
CRITICAL
VICIdial Authenticated Remote Code Execution
CVSS 9.8
CVE-2024-43040
CRITICAL
Renwoxing Enterprise Intelligent Management System <3.0 - SQL Injection
CVSS 9.1
CVE-2024-8611
MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6795
CRITICAL
Connex health portal <8/30/2024 - SQL Injection
CVSS 10.0
CVE-2024-44725
HIGH
AutoCMS v5.4 - SQL Injection via Sidebar Parameter
CVSS 7.2
CVE-2024-8570
MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6928
CRITICAL
Opti Marketing WordPress Plugin < 2.0.9 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2024-6924
CRITICAL
TrueBooker < 1.0.2 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8