CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,692 vulnerabilities with CWE-89
CVE-2024-39653
CRITICAL
VikRentCar <= 1.4.0 - SQL Injection
CVSS 9.3
CVE-2024-39638
HIGH
Roundup WP Registrations for the Events Calendar < 2.12.2 - SQL Injection
CVSS 8.5
CVE-2024-39622
CRITICAL
CridioStudio ListingPro <= 2.9.4 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-39620
HIGH
Cridio ListingPro < 2.9.4 - SQL Injection
CVSS 8.5
CVE-2024-38795
CRITICAL
Cridio ListingPro < 2.9.4 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-38793
HIGH
Best Restaurant Menu by PriceListo <= 1.4.1 - SQL Injection
CVSS 8.5
CVE-2024-8302
MEDIUM
dingfanzu CMS < 2024-01-31 - SQL Injection via username Parameter in chpwd.php
CVSS 6.3
CVE-2024-5057
CRITICAL
Easy Digital Downloads < 3.2.12 - SQL Injection
CVSS 9.3
CVE-2024-38693
HIGH
weDevs WP User Frontend <4.0.7 - SQL Injection
CVSS 7.6
CVE-2024-8301
HIGH
dingfanzu CMS < 2024-01-31 - SQL Injection via Username Parameter in checkin.php
CVSS 7.3
CVE-2024-7607
HIGH
Front End Users <= 3.2.28 - Authenticated Time-Based SQL Injection via Order Parameter
CVSS 8.8
CVE-2024-29731
CRITICAL
SportsNET 4.0.1 - SQL Injection via idChallenge and idEmpresa Parameters
CVSS 9.8
CVE-2024-29730
CRITICAL
SportsNET 4.0.1 - SQL Injection via idCat Parameter
CVSS 9.8
CVE-2024-29729
CRITICAL
SportsNET 4.0.1 - SQL Injection via generateShortURL url Parameter
CVSS 9.8
CVE-2024-29728
CRITICAL
SportsNET 4.0.1 - SQL Injection via idDesafio Parameter
CVSS 9.8
CVE-2024-29727
CRITICAL
SportsNET 4.0.1 - SQL Injection via send Parameter
CVSS 9.8
CVE-2024-29726
CRITICAL
SportsNET 4.0.1 - SQL Injection via setAsRead id Parameter
CVSS 9.8
CVE-2024-29725
CRITICAL
SportsNET 4.0.1 - SQL Injection via sort_bloques list Parameter
CVSS 9.8
CVE-2024-29724
CRITICAL
SportsNET 4.0.1 - SQL Injection via idDesafio Parameter
CVSS 9.8
CVE-2024-29723
CRITICAL
SportsNET 4.0.1 - SQL Injection via categoria Parameter
CVSS 9.8
CVE-2024-7857
MEDIUM
Media Library Folders <= 8.2.2 - Authenticated SQL Injection via 'sort_type' Parameter
CVSS 6.5
CVE-2024-45059
HIGH
i-educar < 2.9 - SQL Injection via cod_func GET Parameter
CVSS 8.8
CVE-2024-44761
CRITICAL
EQ Enterprise Management System <2.0.0 - Path Traversal
CVSS 9.8
CVE-2024-41236
HIGH
Kashipara Responsive School Management System v3.2.0 - SQL Injection via Admin Login Username Parameter
CVSS 7.2
CVE-2024-5546
HIGH
ManageEngine PAM360 < 7001 - Authenticated SQL Injection via Global Search Option
CVSS 8.3
Details
Vulnerabilities: 19,692
Exploit Likelihood: High