CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,701 vulnerabilities with CWE-89
CVE-2024-7933
HIGH
Project Expense Monitoring System 1.0 - SQL Injection via Backend Login User Parameter
CVSS 7.3
CVE-2024-7931
MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via view_csprofile.php id Parameter
CVSS 6.3
CVE-2024-7930
MEDIUM
Clinic's Patient Management System 1.0 - SQL Injection via medicine_id Parameter
CVSS 6.3
CVE-2024-7913
HIGH
itsourcecode Billing System 1.0 - SQL Injection via addclient1.php Parameter Manipulation
CVSS 7.3
CVE-2024-43286
HIGH
Squirrly SEO <12.3.19 - SQL Injection
CVSS 8.5
CVE-2024-43282
HIGH
Themeum Tutor LMS <2.7.2 - SQL Injection
CVSS 7.6
CVE-2024-43207
HIGH
Valiano Unite Gallery Lite - SQL Injection
CVSS 8.5
CVE-2024-43145
HIGH
GeoDirectory <2.3.61 - SQL Injection
CVSS 8.5
CVE-2024-42994
HIGH
VTiger CRM <= 8.1.0 - SQL Injection
CVSS 7.2
CVE-2024-7853
MEDIUM
Yoga Class Registration System <= 1.0 - SQL Injection via /admin/?page=categories/view_category id Parameter
CVSS 6.3
CVE-2024-7845
MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via /tracking/admin/fetch_it.php Request Parameter
CVSS 6.3
CVE-2024-7841
MEDIUM
Clinic's Patient Management System 1.0 - SQL Injection via user_name Parameter
CVSS 6.3
CVE-2024-7839
HIGH
itsourcecode Billing System 1.0 - SQL Injection via addbill.php owners_id Parameter
CVSS 7.3
CVE-2024-6456
HIGH
AVEVA Historian Server - SQL Injection
CVE-2024-7838
HIGH
Online Food Ordering System 1.0 - SQL Injection via /addcategory.php cname Parameter
CVSS 7.3
CVE-2024-32231
MEDIUM
Stash < 0.25.1 - SQL Injection via Sort Parameter
CVSS 6.3
CVE-2024-42843
CRITICAL
Projectworlds Online Examination System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-42679
HIGH
Super easy enterprise management system <1.0.0 - SQL Injection
CVSS 7.8
CVE-2024-7811
MEDIUM
Daily Expenses Monitoring App 1.0 - SQL Injection via delete-expense.php Expense Parameter
CVSS 6.3
CVE-2024-7810
MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via view_itprofile.php id Parameter
CVSS 6.3
CVE-2024-7808
HIGH
fabian job_portal 1.0 - SQL Injection via logindbc.php Email Parameter
CVSS 7.3
CVE-2024-7800
MEDIUM
Simple Online Bidding System 1.0 - SQL Injection via admin/ajax.php id Parameter
CVSS 6.3
CVE-2024-7798
HIGH
Simple Online Bidding System 1.0 - SQL Injection via Username Parameter in Admin Login
CVSS 7.3
CVE-2024-7797
HIGH
Simple Online Bidding System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2024-7794
MEDIUM
itsourcecode Vehicle Management System 1.0 - SQL Injection via mybill.php id Parameter
CVSS 6.3
Details
Vulnerabilities: 19,701
Exploit Likelihood: High