CWE-89

Exploit likelihood: High

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,701 vulnerabilities with CWE-89
CVE ID          | Severity | CVSS       | Title
CVE-2024-7933   | HIGH     | 7.3        | Project Expense Monitoring System 1.0 - SQL Injection via Backend Login User Parameter
CVE-2024-7931   | MEDIUM   | 6.3        | Online Graduate Tracer System 1.0 - SQL Injection via view_csprofile.php id Parameter
CVE-2024-7930   | MEDIUM   | 6.3        | Clinic's Patient Management System 1.0 - SQL Injection via medicine_id Parameter
CVE-2024-7913   | HIGH     | 7.3        | itsourcecode Billing System 1.0 - SQL Injection via addclient1.php Parameter Manipulation
CVE-2024-43286  | HIGH     | 8.5        | Squirrly SEO <12.3.19 - SQL Injection
CVE-2024-43282  | HIGH     | 7.6        | Themeum Tutor LMS <2.7.2 - SQL Injection
CVE-2024-43207  | HIGH     | 8.5        | Valiano Unite Gallery Lite - SQL Injection
CVE-2024-43145  | HIGH     | 8.5        | GeoDirectory <2.3.61 - SQL Injection
CVE-2024-42994  | HIGH     | 7.2        | VTiger CRM <= 8.1.0 - SQL Injection
CVE-2024-7853   | MEDIUM   | 6.3        | Yoga Class Registration System <= 1.0 - SQL Injection via /admin/?page=categories/view_category id Parameter
CVE-2024-7845   | MEDIUM   | 6.3        | Online Graduate Tracer System 1.0 - SQL Injection via /tracking/admin/fetch_it.php Request Parameter
CVE-2024-7841   | MEDIUM   | 6.3        | Clinic's Patient Management System 1.0 - SQL Injection via user_name Parameter
CVE-2024-7839   | HIGH     | 7.3        | itsourcecode Billing System 1.0 - SQL Injection via addbill.php owners_id Parameter
CVE-2024-6456   | HIGH     | not listed | AVEVA Historian Server - SQL Injection
CVE-2024-7838   | HIGH     | 7.3        | Online Food Ordering System 1.0 - SQL Injection via /addcategory.php cname Parameter
CVE-2024-32231  | MEDIUM   | 6.3        | Stash < 0.25.1 - SQL Injection via Sort Parameter
CVE-2024-42843  | CRITICAL | 9.8        | Projectworlds Online Examination System v1.0 - SQL Injection
CVE-2024-42679  | HIGH     | 7.8        | Super easy enterprise management system <1.0.0 - SQL Injection
CVE-2024-7811   | MEDIUM   | 6.3        | Daily Expenses Monitoring App 1.0 - SQL Injection via delete-expense.php Expense Parameter
CVE-2024-7810   | MEDIUM   | 6.3        | Online Graduate Tracer System 1.0 - SQL Injection via view_itprofile.php id Parameter
CVE-2024-7808   | HIGH     | 7.3        | fabian job_portal 1.0 - SQL Injection via logindbc.php Email Parameter
CVE-2024-7800   | MEDIUM   | 6.3        | Simple Online Bidding System 1.0 - SQL Injection via admin/ajax.php id Parameter
CVE-2024-7798   | HIGH     | 7.3        | Simple Online Bidding System 1.0 - SQL Injection via Username Parameter in Admin Login
CVE-2024-7797   | HIGH     | 7.3        | Simple Online Bidding System 1.0 - SQL Injection via Username Parameter
CVE-2024-7794   | MEDIUM   | 6.3        | itsourcecode Vehicle Management System 1.0 - SQL Injection via mybill.php id Parameter