CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,701 vulnerabilities with CWE-89
CVE-2024-8167
HIGH
code-projects Job Portal 1.0 - SQL Injection
CVSS 7.3
CVE-2024-43966
HIGH
Stark Digital WP Testimonial Widget < 3.1 - SQL Injection
CVSS 7.6
CVE-2024-8161
CRITICAL
ATISolutions CIGES <2.15.5 - SQL Injection
CVSS 9.8
CVE-2024-8155
MEDIUM
ContiNew Admin 3.2.0 - SQL Injection
CVSS 4.7
CVE-2024-8150
MEDIUM
ContiNew Admin 3.2.0 - SQL Injection
CVSS 4.7
CVE-2024-8147
MEDIUM
Code-projects Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8146
MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8139
MEDIUM
itsourcecode E-Commerce Website 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8138
MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-39841
HIGH
Centreon Web 22.10.0-22.10.22 - SQL Injection in Service Configuration
CVSS 8.8
CVE-2024-33854
CRITICAL
Centreon Web 22.10.0-22.10.22 - SQL Injection in Graph Template Component
CVSS 9.1
CVE-2024-33853
CRITICAL
Centreon Web 22.10.0-22.10.22 - SQL Injection in Timeperiod Component
CVSS 9.1
CVE-2024-33852
CRITICAL
Centreon Web 22.10.0-22.10.22 - SQL Injection in Downtime Component
CVSS 9.1
CVE-2024-32501
CRITICAL
Centreon Web <24.04.3-23.10.13-23.04.19-22.10.23 - SQL Injection
CVSS 9.8
CVE-2024-42765
CRITICAL
Kashipara Bus Ticket Reservation System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-5586
HIGH
ManageEngine ADAudit Plus < 8121 - Authenticated SQL Injection in Extranet Lockouts Report
CVSS 8.3
CVE-2024-5556
HIGH
ManageEngine ADAudit Plus < 8.0 - Authenticated SQL Injection in Reports Module
CVSS 8.3
CVE-2024-5490
HIGH
ManageEngine ADAudit Plus < 8.0 - Authenticated SQL Injection via Aggregate Reports Option
CVSS 8.3
CVE-2024-5467
HIGH
ManageEngine ADAudit Plus < 8121 - Authenticated SQL Injection in Account Lockout Report
CVSS 8.3
CVE-2024-36517
HIGH
Zohocorp ManageEngine ADAudit Plus <8000 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-36516
HIGH
Zohocorp ManageEngine ADAudit Plus <8000 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-36515
HIGH
Zohocorp ManageEngine ADAudit Plus <8000 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-36514
HIGH
Zohocorp ManageEngine ADAudit Plus <8000 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-8087
MEDIUM
SourceCodester E-Commerce System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8086
HIGH
SourceCodester E-Commerce System 1.0 - SQL Injection
CVSS 7.3
Details
Vulnerabilities: 19,701
Exploit Likelihood: High