CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,701 vulnerabilities with CWE-89
CVE-2024-8083 | MEDIUM | SourceCodester Online Computer and Laptop Store 1.0 - SQL Injection | CVSS 6.3
CVE-2024-8081 | HIGH | itsourcecode Payroll Management System 1.0 - SQL Injection | CVSS 7.3
CVE-2024-8080 | MEDIUM | SourceCodester Online Health Care System 1.0 - SQL Injection | CVSS 6.3
CVE-2024-20417 | MEDIUM | Cisco Identity Services Engine - Authenticated Blind SQL Injection via REST API | CVSS 6.5
CVE-2024-42786 | HIGH | Kashipara Music Management System <1.0 - SQL Injection | CVSS 8.8
CVE-2024-42785 | HIGH | Kashipara Music Management System v1.0 - SQL Injection | CVSS 8.8
CVE-2024-42784 | CRITICAL | Kashipara Music Management System <1.0 - SQL Injection | CVSS 9.8
CVE-2024-42783 | CRITICAL | Kashipara Music Management System v1.0 - SQL Injection | CVSS 9.8
CVE-2024-42782 | CRITICAL | Kashipara Music Management System <1.0 - SQL Injection | CVSS 9.8
CVE-2024-42781 | CRITICAL | Kashipara Music Management System <1.0 - SQL Injection | CVSS 9.8
CVE-2024-5725 | HIGH | Centreon Web < 22.10.23 - Authenticated SQL Injection and Remote Code Execution via initCurveList | CVSS 8.8
CVE-2024-5723 | HIGH | Centreon Web < 22.04.24 - Authenticated SQL Injection and Remote Code Execution via updateServiceHost | CVSS 8.8
CVE-2024-6814 | HIGH | NETGEAR ProSAFE Network Management System - Authenticated SQL Injection via getFilterString | CVSS 8.8
CVE-2024-6813 | HIGH | NETGEAR ProSAFE Network Management System - Authenticated SQL Injection via getSortString | CVSS 8.8
CVE-2024-7854 | CRITICAL | Woo Inquiry <= 0.1 - Unauthenticated SQL Injection via dbid Parameter | CVSS 10.0
CVE-2024-7651 | MEDIUM | App Builder < 4.3.4 - Unauthenticated SQL Injection via app-builder-search Parameter | CVSS 5.6
CVE-2024-8023 | MEDIUM | chillzhuang SpringBlade 4.1.0 - SQL Injection | CVSS 6.3
CVE-2024-42361 | HIGH | Hertzbeat < 1.6.0 - SQL Injection via Metric Download Endpoint | CVSS 7.5
CVE-2024-43406 | HIGH | LF Edge eKuiper < 1.14.2 - SQL Injection via Get Method in sqlKvStore | CVSS 8.8
CVE-2024-34458 | HIGH | Keyfactor Command <10.5.1, <11.5.1 - SQL Injection | CVSS 7.5
CVE-2024-33872 | CRITICAL | Keyfactor Command <10.5.1, <11.5.1 - SQL Injection | CVSS 9.8
CVE-2024-42575 | CRITICAL | School Management System - SQL Injection | CVSS 9.8
CVE-2024-42574 | CRITICAL | School Management System - SQL Injection | CVSS 9.8
CVE-2024-42573 | CRITICAL | School Management System - SQL Injection | CVSS 9.8
CVE-2024-42572 | CRITICAL | School Management System - SQL Injection | CVSS 9.8
Details
Vulnerabilities: 19,701
Exploit Likelihood: High