CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,692 vulnerabilities with CWE-89
CVE-2024-8569 HIGH
code-projects Hospital Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8568 MEDIUM
Mini-Tmall <20240901 - SQL Injection
CVSS 6.3
CVE-2024-8567 HIGH
itsourcecode Payroll Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8565 HIGH
SourceCodester Clinics Patient Management System 2.0 - SQL Injection
CVSS 7.3
CVE-2024-8564 MEDIUM
SourceCodester PHP CRUD 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8561 MEDIUM
SourceCodester PHP CRUD 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8560 MEDIUM
SourceCodester Simple Invoice Generator System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8559 MEDIUM
SourceCodester Online Food Menu 1.0 - SQL Injection
CVSS 4.7
CVE-2024-8557 MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-7112 HIGH
Pinpoint Booking System <= 2.9.9.5.0 - Authenticated SQL Injection via Schedule Parameter
CVSS 8.8
CVE-2024-45771 CRITICAL
RapidCMS 1.3.1 - SQL Injection via Password Parameter
CVSS 9.8
CVE-2024-44839 CRITICAL
RapidCMS 1.3.1 - SQL Injection via ArticleID Parameter
CVSS 9.8
CVE-2024-44838 CRITICAL
RapidCMS 1.3.1 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2024-44739 HIGH
Sourcecodester Simple Forum Website v1.0 - SQL Injection
CVSS 8.8
CVE-2024-7349 HIGH
LifterLMS < 7.7.6 - Authenticated Blind SQL Injection via Order Parameter
CVSS 7.2
CVE-2024-8395 CRITICAL
FlyCASS CASS and KCM Systems - SQL Injection
CVSS 9.8
CVE-2024-44727 CRITICAL
Sourcecodehero Event Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-42885 CRITICAL
ESAFENET CDG < 5.6 - SQL Injection via data.jsp id Parameter
CVSS 9.1
CVE-2024-44587 HIGH
itsourcecode Alton Management System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-8470 CRITICAL
Phpgurukul Job Portal - SQL Injection via CATEGORY Parameter
CVSS 9.8
CVE-2024-8469 CRITICAL
phpgurukul job_portal - SQL Injection via id Parameter in Employee Index
CVSS 9.8
CVE-2024-8468 CRITICAL
Phpgurukul Job Portal - SQL Injection via Search Parameter
CVSS 9.8
CVE-2024-8467 CRITICAL
phpgurukul job_portal - SQL Injection via id Parameter in /jobportal/admin/category/index.php
CVSS 9.8
CVE-2024-8466 CRITICAL
phpgurukul job_portal - SQL Injection via Category Parameter
CVSS 9.8
CVE-2024-8465 CRITICAL
phpgurukul job_portal - SQL Injection via user_id Parameter
CVSS 9.8