CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,701 vulnerabilities with CWE-89
CVE-2024-29726 CRITICAL
SportsNET 4.0.1 - SQL Injection via setAsRead id Parameter
CVSS 9.8
CVE-2024-29725 CRITICAL
SportsNET 4.0.1 - SQL Injection via sort_bloques list Parameter
CVSS 9.8
CVE-2024-29724 CRITICAL
SportsNET 4.0.1 - SQL Injection via idDesafio Parameter
CVSS 9.8
CVE-2024-29723 CRITICAL
SportsNET 4.0.1 - SQL Injection via categoria Parameter
CVSS 9.8
CVE-2024-7857 MEDIUM
Media Library Folders <= 8.2.2 - Authenticated SQL Injection via 'sort_type' Parameter
CVSS 6.5
CVE-2024-45059 HIGH
i-educar < 2.9 - SQL Injection via cod_func GET Parameter
CVSS 8.8
CVE-2024-44761 CRITICAL
EQ Enterprise Management System <2.0.0 - Path Traversal
CVSS 9.8
CVE-2024-41236 HIGH
Kashipara Responsive School Management System v3.2.0 - SQL Injection via Admin Login Username Parameter
CVSS 7.2
CVE-2024-5546 HIGH
ManageEngine PAM360 < 7001 - Authenticated SQL Injection via Global Search Option
CVSS 8.3
CVE-2024-8223 MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8222 MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8221 MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8220 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8219 HIGH
Responsive Hotel Site 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8218 HIGH
code-projects Online Quiz Site 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8217 HIGH
SourceCodester E-Commerce Website 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6632 HIGH
FileCatalyst Workflow - SQL Injection
CVSS 7.2
CVE-2024-7071 CRITICAL
brain_low-code < 2.1.0 - SQL Injection
CVSS 9.8
CVE-2024-45265 CRITICAL
SkySystem Arfa-CMS <5.1.3124 - SQL Injection
CVSS 9.8
CVE-2024-42913 CRITICAL
RuoYi CMS 4.7.9 - SQL Injection via job_id Parameter
CVSS 9.8
CVE-2024-41444 CRITICAL
SeaCMS v12.9 - SQL Injection via DM Player Key Parameter
CVSS 9.8
CVE-2024-8173 HIGH
Blood Bank System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8171 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8169 HIGH
code-projects Online Quiz Site 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8168 HIGH
code-projects Online Bus Reservation Site 1.0 - SQL Injection
CVSS 7.3