CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,701 vulnerabilities with CWE-89
CVE-2024-8167 HIGH
code-projects Job Portal 1.0 - SQL Injection
CVSS 7.3
CVE-2024-43966 HIGH
Stark Digital WP Testimonial Widget < 3.1 - SQL Injection
CVSS 7.6
CVE-2024-8161 CRITICAL
ATISolutions CIGES <2.15.5 - SQL Injection
CVSS 9.8
CVE-2024-8155 MEDIUM
ContiNew Admin 3.2.0 - SQL Injection
CVSS 4.7
CVE-2024-8150 MEDIUM
ContiNew Admin 3.2.0 - SQL Injection
CVSS 4.7
CVE-2024-8147 MEDIUM
Code-projects Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8146 MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8139 MEDIUM
itsourcecode E-Commerce Website 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8138 MEDIUM
Pharmacy Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-39841 HIGH
Centreon Web 22.10.0-22.10.22 - SQL Injection in Service Configuration
CVSS 8.8
CVE-2024-33854 CRITICAL
Centreon Web 22.10.0-22.10.22 - SQL Injection in Graph Template Component
CVSS 9.1
CVE-2024-33853 CRITICAL
Centreon Web 22.10.0-22.10.22 - SQL Injection in Timeperiod Component
CVSS 9.1
CVE-2024-33852 CRITICAL
Centreon Web 22.10.0-22.10.22 - SQL Injection in Downtime Component
CVSS 9.1
CVE-2024-32501 CRITICAL
Centreon Web <24.04.3-23.10.13-23.04.19-22.10.23 - SQL Injection
CVSS 9.8
CVE-2024-42765 CRITICAL
Kashipara Bus Ticket Reservation System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-5586 HIGH
ManageEngine ADAudit Plus < 8121 - Authenticated SQL Injection in Extranet Lockouts Report
CVSS 8.3
CVE-2024-5556 HIGH
ManageEngine ADAudit Plus < 8.0 - Authenticated SQL Injection in Reports Module
CVSS 8.3
CVE-2024-5490 HIGH
ManageEngine ADAudit Plus < 8.0 - Authenticated SQL Injection via Aggregate Reports Option
CVSS 8.3
CVE-2024-5467 HIGH
ManageEngine ADAudit Plus < 8121 - Authenticated SQL Injection in Account Lockout Report
CVSS 8.3
CVE-2024-36517 HIGH
Zohocorp ManageEngine ADAudit Plus <8000 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-36516 HIGH
Zohocorp ManageEngine ADAudit Plus <8000 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-36515 HIGH
Zohocorp ManageEngine ADAudit Plus <8000 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-36514 HIGH
Zohocorp ManageEngine ADAudit Plus <8000 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-8087 MEDIUM
SourceCodester E-Commerce System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8086 HIGH
SourceCodester E-Commerce System 1.0 - SQL Injection
CVSS 7.3