CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,692 vulnerabilities with CWE-89
CVE-2024-8464
CRITICAL
Phpgurukul Job Portal - SQL Injection via JOBREGID Parameter
CVSS 9.8
CVE-2024-8416
MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8415
MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-45174
HIGH
za-internet C-MOR Video Surveillance <6.00PL01 - SQL Injection
CVSS 8.1
CVE-2024-44817
HIGH
ZZCMS < 2023 - SQL Injection via adv2.php id Parameter
CVSS 8.8
CVE-2024-7078
CRITICAL
Semtek Sempos <= 31072024 - SQL Injection
CVSS 9.8
CVE-2024-7076
CRITICAL
Semtek Sempos <= 31072024 - Blind SQL Injection
CVSS 9.8
CVE-2024-6926
CRITICAL
Viral Signup < 2.1 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2024-44921
CRITICAL
SeaCMS v12.9 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-8380
MEDIUM
SourceCodester Contact Manager with Export to VCF 1.0 - SQL Injection
CVSS 6.3
CVE-2024-45622
CRITICAL
ASIS 3.0.0-3.2.0 - Unauthenticated SQL Injection and Authentication Bypass via Username Parameter
CVSS 9.8
CVE-2024-6919
CRITICAL
NACPremium < 2024-08-01 - Blind SQL Injection
CVSS 9.8
CVE-2024-7871
HIGH
Easytest Online Test Platform < 24e01 - Authenticated SQL Injection via Word Parameter
CVSS 8.8
CVE-2024-43776
HIGH
Easytest Online Test Platform < 24e01 - Authenticated SQL Injection via qlevel Parameter
CVSS 8.8
CVE-2024-43775
HIGH
Easytest Online Test Platform < 24e01 - Authenticated SQL Injection via Search Parameter
CVSS 8.8
CVE-2024-43774
HIGH
Easytest Online Test Platform < 24e01 - Authenticated SQL Injection via UID Parameter
CVSS 8.8
CVE-2024-43773
CRITICAL
Easytest Online Test Platform < 24e01 - SQL Injection via cstr Parameter
CVSS 9.8
CVE-2024-43772
CRITICAL
Easytest Online Test Platform < 24e01 - SQL Injection via UID Parameter
CVSS 9.8
CVE-2024-8368
HIGH
Hospital Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-7717
HIGH
WP Events Manager <= 2.1.11 - Authenticated Time-Based SQL Injection via Order Parameter
CVSS 8.8
CVE-2024-8348
MEDIUM
SourceCodester Computer Laboratory Management System 1.0 - SQL Injection via Master.php delete_category id Parameter
CVSS 6.3
CVE-2024-8347
MEDIUM
SourceCodester Computer Laboratory Management System 1.0 - SQL Injection via Master.php delete_record id Parameter
CVSS 6.3
CVE-2024-8346
MEDIUM
SourceCodester Computer Laboratory Management System 1.0 - SQL Injection via SystemSettings.php name Parameter
CVSS 6.3
CVE-2024-8345
MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8344
MEDIUM
Campcodes Supplier Management System 1.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities
19,692
Exploit Likelihood
High