CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,701 vulnerabilities with CWE-89
CVE-2024-42571 CRITICAL
School Management System - SQL Injection
CVSS 9.8
CVE-2024-42570 CRITICAL
School Management System - SQL Injection
CVSS 9.8
CVE-2024-42569 CRITICAL
School Management System - SQL Injection
CVSS 9.8
CVE-2024-42568 CRITICAL
School Management System - SQL Injection
CVSS 9.8
CVE-2024-42567 CRITICAL
School Management System <commit> - SQL Injection
CVSS 9.8
CVE-2024-42566 CRITICAL
School Management System <bae5aa - SQL Injection
CVSS 9.8
CVE-2024-42565 CRITICAL
jerryhanjj erp - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-42564 HIGH
jerryhanjj erp - SQL Injection via id Parameter
CVSS 7.6
CVE-2024-42562 CRITICAL
Pharmacy Management System - SQL Injection
CVSS 9.8
CVE-2024-42561 HIGH
Pharmacy Management System - SQL Injection
CVSS 8.8
CVE-2024-42558 CRITICAL
Hotel Management System - SQL Injection
CVSS 9.8
CVE-2024-42556 CRITICAL
Hotel Management System - SQL Injection
CVSS 9.8
CVE-2024-42554 HIGH
Hotel Management System - SQL Injection
CVSS 8.8
CVE-2024-42552 HIGH
Hotel Management System - SQL Injection
CVSS 8.6
CVE-2024-6847 CRITICAL
Chatbot with ChatGPT WP <2.4.5 - SQL Injection
CVSS 9.8
CVE-2024-7780 HIGH
Contact Form by Bit Form 2.0-2.13.9 - Authenticated SQL Injection via id Parameter
CVSS 7.2
CVE-2024-7702 HIGH
Contact Form by Bit Form 2.0-2.13.9 - Authenticated SQL Injection via entryID Parameter
CVSS 7.2
CVE-2024-7949 MEDIUM
Online Graduate Tracer System <= 1.0 - SQL Injection via request Parameter
CVSS 6.3
CVE-2024-7947 HIGH
Point of Sales and Inventory Management System 1.0 - SQL Injection via login.php Email Parameter
CVSS 7.3
CVE-2024-7946 HIGH
Online Blood Bank Management System 1.0 - SQL Injection via User Signup Register.php User Parameter
CVSS 7.3
CVE-2024-7827 HIGH
Shopping Cart & eCommerce Store <5.7.2 - SQL Injection
CVSS 8.8
CVE-2024-7937 MEDIUM
Project Expense Monitoring System 1.0 - SQL Injection via transfer_id Parameter in printtransfer.php
CVSS 6.3
CVE-2024-7936 MEDIUM
Project Expense Monitoring System 1.0 - SQL Injection via transferred_report.php start/end/employee Parameters
CVSS 6.3
CVE-2024-7935 MEDIUM
Project Expense Monitoring System 1.0 - SQL Injection via print.php map_id Parameter
CVSS 6.3
CVE-2024-7934 MEDIUM
Project Expense Monitoring System 1.0 - SQL Injection via execute.php code Parameter
CVSS 6.3