CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,692 vulnerabilities with CWE-89
CVE-2024-8569
HIGH
code-projects Hospital Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8568
MEDIUM
Mini-Tmall <20240901 - SQL Injection
CVSS 6.3
CVE-2024-8567
HIGH
itsourcecode Payroll Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8565
HIGH
SourceCodesters Clinics Patient Management System 2.0 - SQL Injection
CVSS 7.3
CVE-2024-8564
MEDIUM
SourceCodester PHP CRUD 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8561
MEDIUM
SourceCodester PHP CRUD 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8560
MEDIUM
SourceCodester Simple Invoice Generator System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8559
MEDIUM
SourceCodester Online Food Menu 1.0 - SQL Injection
CVSS 4.7
CVE-2024-8557
MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-7112
HIGH
Pinpoint Booking System <= 2.9.9.5.0 - Authenticated SQL Injection via Schedule Parameter
CVSS 8.8
CVE-2024-45771
CRITICAL
RapidCMS 1.3.1 - SQL Injection via Password Parameter
CVSS 9.8
CVE-2024-44839
CRITICAL
RapidCMS 1.3.1 - SQL Injection via ArticleID Parameter
CVSS 9.8
CVE-2024-44838
CRITICAL
RapidCMS 1.3.1 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2024-44739
HIGH
Sourcecodester Simple Forum Website v1.0 - SQL Injection
CVSS 8.8
CVE-2024-7349
HIGH
LifterLMS < 7.7.6 - Authenticated Blind SQL Injection via Order Parameter
CVSS 7.2
CVE-2024-8395
CRITICAL
FlyCASS CASS and KCM Systems - SQL Injection
CVSS 9.8
CVE-2024-44727
CRITICAL
Sourcecodehero Event Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-42885
CRITICAL
ESAFENET CDG < 5.6 - SQL Injection via data.jsp id Parameter
CVSS 9.1
CVE-2024-44587
HIGH
itsourcecode Alton Management System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-8470
CRITICAL
Phpgurukul Job Portal - SQL Injection via CATEGORY Parameter
CVSS 9.8
CVE-2024-8469
CRITICAL
phpgurukul job_portal - SQL Injection via id Parameter in Employee Index
CVSS 9.8
CVE-2024-8468
CRITICAL
Phpgurukul Job Portal - SQL Injection via Search Parameter
CVSS 9.8
CVE-2024-8467
CRITICAL
phpgurukul job_portal - SQL Injection via id Parameter in /jobportal/admin/category/index.php
CVSS 9.8
CVE-2024-8466
CRITICAL
phpgurukul job_portal - SQL Injection via Category Parameter
CVSS 9.8
CVE-2024-8465
CRITICAL
phpgurukul job_portal - SQL Injection via user_id Parameter
CVSS 9.8
Details
Vulnerabilities: 19,692
Exploit Likelihood: High