CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,701 vulnerabilities with CWE-89
CVE-2024-42571
CRITICAL
School Management System - SQL Injection
CVSS 9.8
CVE-2024-42570
CRITICAL
School Management System - SQL Injection
CVSS 9.8
CVE-2024-42569
CRITICAL
School Management System - SQL Injection
CVSS 9.8
CVE-2024-42568
CRITICAL
School Management System - SQL Injection
CVSS 9.8
CVE-2024-42567
CRITICAL
School Management System <commit> - SQL Injection
CVSS 9.8
CVE-2024-42566
CRITICAL
School Management System <bae5aa - SQL Injection
CVSS 9.8
CVE-2024-42565
CRITICAL
jerryhanjj erp - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-42564
HIGH
jerryhanjj erp - SQL Injection via id Parameter
CVSS 7.6
CVE-2024-42562
CRITICAL
Pharmacy Management System - SQL Injection
CVSS 9.8
CVE-2024-42561
HIGH
Pharmacy Management System - SQL Injection
CVSS 8.8
CVE-2024-42558
CRITICAL
Hotel Management System - SQL Injection
CVSS 9.8
CVE-2024-42556
CRITICAL
Hotel Management System - SQL Injection
CVSS 9.8
CVE-2024-42554
HIGH
Hotel Management System - SQL Injection
CVSS 8.8
CVE-2024-42552
HIGH
Hotel Management System - SQL Injection
CVSS 8.6
CVE-2024-6847
CRITICAL
Chatbot with ChatGPT WP <2.4.5 - SQL Injection
CVSS 9.8
CVE-2024-7780
HIGH
Contact Form by Bit Form 2.0-2.13.9 - Authenticated SQL Injection via id Parameter
CVSS 7.2
CVE-2024-7702
HIGH
Contact Form by Bit Form 2.0-2.13.9 - Authenticated SQL Injection via entryID Parameter
CVSS 7.2
CVE-2024-7949
MEDIUM
Online Graduate Tracer System <= 1.0 - SQL Injection via request Parameter
CVSS 6.3
CVE-2024-7947
HIGH
Point of Sales and Inventory Management System 1.0 - SQL Injection via login.php Email Parameter
CVSS 7.3
CVE-2024-7946
HIGH
Online Blood Bank Management System 1.0 - SQL Injection via User Signup Register.php User Parameter
CVSS 7.3
CVE-2024-7827
HIGH
Shopping Cart & eCommerce Store <5.7.2 - SQL Injection
CVSS 8.8
CVE-2024-7937
MEDIUM
Project Expense Monitoring System 1.0 - SQL Injection via transfer_id Parameter in printtransfer.php
CVSS 6.3
CVE-2024-7936
MEDIUM
Project Expense Monitoring System 1.0 - SQL Injection via transferred_report.php start/end/employee Parameters
CVSS 6.3
CVE-2024-7935
MEDIUM
Project Expense Monitoring System 1.0 - SQL Injection via print.php map_id Parameter
CVSS 6.3
CVE-2024-7934
MEDIUM
Project Expense Monitoring System 1.0 - SQL Injection via execute.php code Parameter
CVSS 6.3
Details
Vulnerabilities: 19,701
Exploit Likelihood: High