CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,692 vulnerabilities with CWE-89
CVE-2024-6204 HIGH
Zohocorp ManageEngine Exchange Reporter Plus <5715 - SQL Injection
CVSS 8.3
CVE-2024-8343 HIGH
SourceCodester Sentiment Based Movie Rating System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8340 HIGH
SourceCodester Electric Billing Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8339 MEDIUM
SourceCodester Electric Billing Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8336 MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8335 MEDIUM
OpenRapid RapidCMS <1.3.1 - SQL Injection
CVSS 6.3
CVE-2024-8332 MEDIUM
master-nan Sweet-CMS < 2024-08-28 - SQL Injection via /table/index
CVSS 6.3
CVE-2024-8331 MEDIUM
OpenRapid RapidCMS <1.3.1 - SQL Injection
CVSS 6.3
CVE-2024-8329 HIGH
Gether Technology 6SHR - SQL Injection
CVSS 8.8
CVE-2024-8327 HIGH
HWA JIUH DIGITAL TECHNOLOGY - SQL Injection
CVSS 8.8
CVE-2024-6672 HIGH
WhatsUp Gold <2024.0.0 - Privilege Escalation
CVSS 8.8
CVE-2024-6671 CRITICAL
WhatsUp Gold <2024.0.0 - SQL Injection
CVSS 9.8
CVE-2024-6670 CRITICAL KEV
WhatsUp Gold SQL Injection (CVE-2024-6670)
CVSS 9.8
CVE-2024-41372 CRITICAL
Organizr v1.90 - SQL Injection via chat/settyping.php
CVSS 9.8
CVE-2024-41370 CRITICAL
Organizr v1.90 - SQL Injection via chat/setlike.php
CVSS 9.8
CVE-2024-43965 HIGH
Smackcoders SendGrid for WordPress <= 1.4 - SQL Injection
CVSS 8.2
CVE-2024-43943 HIGH
Greenshift Woocommerce Addon < 1.9.8 - SQL Injection
CVSS 8.5
CVE-2024-8303 MEDIUM
dingfanzu CMS - SQL Injection via getBasicInfo.php username Parameter
CVSS 6.3
CVE-2024-43942 HIGH
Wpsoul Greenshift Query and Meta Addon < 3.9.2 - SQL Injection
CVSS 8.5
CVE-2024-43941 CRITICAL
Propovoice Pro < 1.7.0.3 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-43918 CRITICAL
WBW Product Table PRO < 1.9.4 - Unauthenticated SQL Injection
CVSS 10.0
CVE-2024-43917 CRITICAL
WordPress TI WooCommerce Wishlist SQL Injection (CVE-2024-43917)
CVSS 9.3
CVE-2024-43144 CRITICAL
StylemixThemes Cost Calculator <3.2.15 - SQL Injection
CVSS 9.3
CVE-2024-43132 CRITICAL
WPWeb Elite Docket <1.7.0 - SQL Injection
CVSS 9.3
CVE-2024-39658 HIGH
Salon Booking System < 10.7 - Authenticated SQL Injection
CVSS 7.6