CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,692 vulnerabilities with CWE-89
CVE-2024-6204
HIGH
Zohocorp ManageEngine Exchange Reporter Plus <5715 - SQL Injection
CVSS 8.3
CVE-2024-8343
HIGH
SourceCodester Sentiment Based Movie Rating System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8340
HIGH
SourceCodester Electric Billing Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8339
MEDIUM
SourceCodester Electric Billing Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8336
MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8335
MEDIUM
OpenRapid RapidCMS <1.3.1 - SQL Injection
CVSS 6.3
CVE-2024-8332
MEDIUM
master-nan Sweet-CMS < 2024-08-28 - SQL Injection via /table/index
CVSS 6.3
CVE-2024-8331
MEDIUM
OpenRapid RapidCMS <1.3.1 - SQL Injection
CVSS 6.3
CVE-2024-8329
HIGH
Gether Technology 6SHR - SQL Injection
CVSS 8.8
CVE-2024-8327
HIGH
HWA JIUH DIGITAL TECHNOLOGY - SQL Injection
CVSS 8.8
CVE-2024-6672
HIGH
WhatsUp Gold <2024.0.0 - Privilege Escalation
CVSS 8.8
CVE-2024-6671
CRITICAL
WhatsUp Gold <2024.0.0 - SQL Injection
CVSS 9.8
CVE-2024-6670
CRITICAL
KEV
WhatsUp Gold SQL Injection (CVE-2024-6670)
CVSS 9.8
CVE-2024-41372
CRITICAL
organizr v1.90 - SQL Injection via chat/settyping.php
CVSS 9.8
CVE-2024-41370
CRITICAL
Organizr v1.90 - SQL Injection via chat/setlike.php
CVSS 9.8
CVE-2024-43965
HIGH
Smackcoders SendGrid for WordPress <= 1.4 - SQL Injection
CVSS 8.2
CVE-2024-43943
HIGH
Greenshift Woocommerce Addon < 1.9.8 - SQL Injection
CVSS 8.5
CVE-2024-8303
MEDIUM
dingfanzu CMS - SQL Injection via getBasicInfo.php username Parameter
CVSS 6.3
CVE-2024-43942
HIGH
Wpsoul Greenshift Query and Meta Addon < 3.9.2 - SQL Injection
CVSS 8.5
CVE-2024-43941
CRITICAL
Propovoice Pro < 1.7.0.3 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-43918
CRITICAL
WBW Product Table PRO < 1.9.4 - Unauthenticated SQL Injection
CVSS 10.0
CVE-2024-43917
CRITICAL
WordPress TI WooCommerce Wishlist SQL Injection (CVE-2024-43917)
CVSS 9.3
CVE-2024-43144
CRITICAL
StylemixThemes Cost Calculator <3.2.15 - SQL Injection
CVSS 9.3
CVE-2024-43132
CRITICAL
WPWeb Elite Docket <1.7.0 - SQL Injection
CVSS 9.3
CVE-2024-39658
HIGH
Salon Booking System < 10.7 - Authenticated SQL Injection
CVSS 7.6
Details
Vulnerabilities: 19,692
Exploit Likelihood: High