CWE-89

Likelihood of exploit: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,701 vulnerabilities with CWE-89
CVE-2024-8083 MEDIUM
SourceCodester Online Computer and Laptop Store 1.0 - SQL Injection
CVSS 6.3
CVE-2024-8081 HIGH
itsourcecode Payroll Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-8080 MEDIUM
SourceCodester Online Health Care System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-20417 MEDIUM
Cisco Identity Services Engine - Authenticated Blind SQL Injection via REST API
CVSS 6.5
CVE-2024-42786 HIGH
Kashipara Music Management System <1.0 - SQL Injection
CVSS 8.8
CVE-2024-42785 HIGH
Kashipara Music Management System v1.0 - SQL Injection
CVSS 8.8
CVE-2024-42784 CRITICAL
Kashipara Music Management System <1.0 - SQL Injection
CVSS 9.8
CVE-2024-42783 CRITICAL
Kashipara Music Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-42782 CRITICAL
Kashipara Music Management System <1.0 - SQL Injection
CVSS 9.8
CVE-2024-42781 CRITICAL
Kashipara Music Management System <1.0 - SQL Injection
CVSS 9.8
CVE-2024-5725 HIGH
Centreon Web < 22.10.23 - Authenticated SQL Injection and Remote Code Execution via initCurveList
CVSS 8.8
CVE-2024-5723 HIGH
Centreon Web < 22.04.24 - Authenticated SQL Injection and Remote Code Execution via updateServiceHost
CVSS 8.8
CVE-2024-6814 HIGH
NETGEAR ProSAFE Network Management System - Authenticated SQL Injection via getFilterString
CVSS 8.8
CVE-2024-6813 HIGH
NETGEAR ProSAFE Network Management System - Authenticated SQL Injection via getSortString
CVSS 8.8
CVE-2024-7854 CRITICAL
Woo Inquiry <= 0.1 - Unauthenticated SQL Injection via dbid Parameter
CVSS 10.0
CVE-2024-7651 MEDIUM
App Builder < 4.3.4 - Unauthenticated SQL Injection via app-builder-search Parameter
CVSS 5.6
CVE-2024-8023 MEDIUM
chillzhuang SpringBlade 4.1.0 - SQL Injection
CVSS 6.3
CVE-2024-42361 HIGH
Hertzbeat < 1.6.0 - SQL Injection via Metric Download Endpoint
CVSS 7.5
CVE-2024-43406 HIGH
LF Edge eKuiper < 1.14.2 - SQL Injection via Get Method in sqlKvStore
CVSS 8.8
CVE-2024-34458 HIGH
Keyfactor Command <10.5.1, <11.5.1 - SQL Injection
CVSS 7.5
CVE-2024-33872 CRITICAL
Keyfactor Command <10.5.1, <11.5.1 - SQL Injection
CVSS 9.8
CVE-2024-42575 CRITICAL
School Management System - SQL Injection
CVSS 9.8
CVE-2024-42574 CRITICAL
School Management System - SQL Injection
CVSS 9.8
CVE-2024-42573 CRITICAL
School Management System - SQL Injection
CVSS 9.8
CVE-2024-42572 CRITICAL
School Management System - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,701
Exploit Likelihood High