CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,710 vulnerabilities with CWE-89
CVE-2024-42843
CRITICAL
Projectworlds Online Examination System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-42679
HIGH
Super easy enterprise management system <1.0.0 - SQL Injection
CVSS 7.8
CVE-2024-7811
MEDIUM
Daily Expenses Monitoring App 1.0 - SQL Injection via delete-expense.php Expense Parameter
CVSS 6.3
CVE-2024-7810
MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via view_itprofile.php id Parameter
CVSS 6.3
CVE-2024-7808
HIGH
fabian job_portal 1.0 - SQL Injection via logindbc.php Email Parameter
CVSS 7.3
CVE-2024-7800
MEDIUM
Simple Online Bidding System 1.0 - SQL Injection via admin/ajax.php id Parameter
CVSS 6.3
CVE-2024-7798
HIGH
Simple Online Bidding System 1.0 - SQL Injection via Username Parameter in Admin Login
CVSS 7.3
CVE-2024-7797
HIGH
Simple Online Bidding System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2024-7794
MEDIUM
itsourcecode Vehicle Management System 1.0 - SQL Injection via mybill.php id Parameter
CVSS 6.3
CVE-2024-7792
MEDIUM
SourceCodester Task Progress Tracker 1.0 - SQL Injection via task Parameter in delete-task.php
CVSS 6.3
CVE-2024-7732
CRITICAL
SECOM Dr.ID Attendance System < 3.5.0.0.0.5 - Unauthenticated SQL Injection via Page Parameter
CVSS 9.8
CVE-2024-7731
CRITICAL
SECOM Dr.ID Access Control < 3.6.3 - Unauthenticated SQL Injection via Page Parameter
CVSS 9.8
CVE-2024-7754
MEDIUM
Clinic's Patient Management System 1.0 - SQL Injection via user_name Parameter in check_medicine_name.php
CVSS 6.3
CVE-2024-7751
MEDIUM
Clinic's Patient Management System 1.0 - SQL Injection via hidden_id Parameter
CVSS 6.3
CVE-2024-7750
MEDIUM
Clinic's Patient Management System 1.0 - SQL Injection via medicine_name Parameter
CVSS 6.3
CVE-2024-7748
MEDIUM
SourceCodester Accounts Manager App 1.0 - SQL Injection via /endpoint/delete-account.php Account Parameter
CVSS 6.3
CVE-2024-43360
CRITICAL
ZoneMinder < 1.36.34 - Time-Based SQL Injection
CVSS 9.8
CVE-2024-7682
HIGH
code-projects Job Portal 1.0 - SQL Injection via rw_i_nat.php id Parameter
CVSS 7.3
CVE-2024-7681
HIGH
College Management System 1.0 - SQL Injection via Login Page Email/Password Parameter
CVSS 7.3
CVE-2024-7680
MEDIUM
Tailoring Management System 1.0 - SQL Injection via /incedit.php id Parameter
CVSS 6.3
CVE-2024-7676
MEDIUM
Sourcecodester Car Driving School Management System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2024-7669
MEDIUM
Car Driving School Management System 1.0 - SQL Injection via Master.php delete_enrollment id Parameter
CVSS 6.3
CVE-2024-7668
MEDIUM
SourceCodester Car Driving School Management System 1.0 - SQL Injection via Master.php delete_package id Parameter
CVSS 6.3
CVE-2024-7667
MEDIUM
Car Driving School Management System 1.0 - SQL Injection via User.php id Parameter
CVSS 6.3
CVE-2024-7666
MEDIUM
Car Driving School Management System 1.0 - SQL Injection via view_package.php id Parameter
CVSS 6.3
Details
Vulnerabilities
19,710
Exploit Likelihood
High