CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,692 vulnerabilities with CWE-89
CVE-2024-8464 CRITICAL
Phpgurukul Job Portal - SQL Injection via JOBREGID Parameter
CVSS 9.8
CVE-2024-8416 MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8415 MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-45174 HIGH
za-internet C-MOR Video Surveillance <6.00PL01 - SQL Injection
CVSS 8.1
CVE-2024-44817 HIGH
ZZCMS < 2023 - SQL Injection via adv2.php id Parameter
CVSS 8.8
CVE-2024-7078 CRITICAL
Semtek Sempos <= 31072024 - SQL Injection
CVSS 9.8
CVE-2024-7076 CRITICAL
Semtek Sempos <= 31072024 - Blind SQL Injection
CVSS 9.8
CVE-2024-6926 CRITICAL
Viral Signup < 2.1 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2024-44921 CRITICAL
SeaCMS v12.9 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-8380 MEDIUM
SourceCodester Contact Manager with Export to VCF 1.0 - SQL Injection
CVSS 6.3
CVE-2024-45622 CRITICAL
ASIS 3.0.0-3.2.0 - Unauthenticated SQL Injection and Authentication Bypass via Username Parameter
CVSS 9.8
CVE-2024-6919 CRITICAL
NACPremium < 2024-08-01 - Blind SQL Injection
CVSS 9.8
CVE-2024-7871 HIGH
Easytest Online Test Platform < 24e01 - Authenticated SQL Injection via Word Parameter
CVSS 8.8
CVE-2024-43776 HIGH
Easytest Online Test Platform < 24e01 - Authenticated SQL Injection via qlevel Parameter
CVSS 8.8
CVE-2024-43775 HIGH
Easytest Online Test Platform < 24e01 - Authenticated SQL Injection via Search Parameter
CVSS 8.8
CVE-2024-43774 HIGH
Easytest Online Test Platform < 24e01 - Authenticated SQL Injection via UID Parameter
CVSS 8.8
CVE-2024-43773 CRITICAL
Easytest Online Test Platform < 24e01 - SQL Injection via cstr Parameter
CVSS 9.8
CVE-2024-43772 CRITICAL
Easytest Online Test Platform < 24e01 - SQL Injection via UID Parameter
CVSS 9.8
CVE-2024-8368 HIGH
Hospital Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-7717 HIGH
WP Events Manager <= 2.1.11 - Authenticated Time-Based SQL Injection via Order Parameter
CVSS 8.8
CVE-2024-8348 MEDIUM
SourceCodester Computer Laboratory Management System 1.0 - SQL Injection via Master.php delete_category id Parameter
CVSS 6.3
CVE-2024-8347 MEDIUM
SourceCodester Computer Laboratory Management System 1.0 - SQL Injection via Master.php delete_record id Parameter
CVSS 6.3
CVE-2024-8346 MEDIUM
SourceCodester Computer Laboratory Management System 1.0 - SQL Injection via SystemSettings.php name Parameter
CVSS 6.3
CVE-2024-8345 MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8344 MEDIUM
Campcodes Supplier Management System 1.0 - SQL Injection
CVSS 6.3