CWE-89
Exploit likelihood: High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,701 vulnerabilities with CWE-89
CVE-2024-29726
CRITICAL
SportsNET 4.0.1 - SQL Injection via setAsRead id Parameter
CVSS 9.8
CVE-2024-29725
CRITICAL
SportsNET 4.0.1 - SQL Injection via sort_bloques list Parameter
CVSS 9.8
CVE-2024-29724
CRITICAL
SportsNET 4.0.1 - SQL Injection via idDesafio Parameter
CVSS 9.8
CVE-2024-29723
CRITICAL
SportsNET 4.0.1 - SQL Injection via categoria Parameter
CVSS 9.8
CVE-2024-7857
MEDIUM
Media Library Folders <= 8.2.2 - Authenticated SQL Injection via 'sort_type' Parameter
CVSS 6.5
CVE-2024-45059
HIGH
i-educar < 2.9 - SQL Injection via cod_func GET Parameter
CVSS 8.8
CVE-2024-44761
CRITICAL
EQ Enterprise Management System <2.0.0 - Path Traversal
CVSS 9.8
CVE-2024-41236
HIGH
Kashipara Responsive School Management System v3.2.0 - SQL Injection via Admin Login Username Parameter
CVSS 7.2
CVE-2024-5546
HIGH
ManageEngine PAM360 < 7001 - Authenticated SQL Injection via Global Search Option
CVSS 8.3
CVE-2024-8223
MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8222
MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8221
MEDIUM
SourceCodester Music Gallery Site 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8220
MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8219
HIGH
Responsive Hotel Site 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8218
HIGH
code-projects Online Quiz Site 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8217
HIGH
SourceCodester E-Commerce Website 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6632
HIGH
FileCatalyst Workflow - SQL Injection
CVSS 7.2
CVE-2024-7071
CRITICAL
brain_low-code < 2.1.0 - SQL Injection
CVSS 9.8
CVE-2024-45265
CRITICAL
SkySystem Arfa-CMS <5.1.3124 - SQL Injection
CVSS 9.8
CVE-2024-42913
CRITICAL
RuoYi CMS 4.7.9 - SQL Injection via job_id Parameter
CVSS 9.8
CVE-2024-41444
CRITICAL
SeaCMS v12.9 - SQL Injection via DM Player Key Parameter
CVSS 9.8
CVE-2024-8173
HIGH
Blood Bank System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8171
MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8169
HIGH
code-projects Online Quiz Site 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8168
HIGH
code-projects Online Bus Reservation Site 1.0 - SQL Injection
CVSS 7.3