CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,710 vulnerabilities with CWE-89
CVE-2024-42843 CRITICAL
Projectworlds Online Examination System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-42679 HIGH
Super easy enterprise management system <1.0.0 - SQL Injection
CVSS 7.8
CVE-2024-7811 MEDIUM
Daily Expenses Monitoring App 1.0 - SQL Injection via delete-expense.php Expense Parameter
CVSS 6.3
CVE-2024-7810 MEDIUM
Online Graduate Tracer System 1.0 - SQL Injection via view_itprofile.php id Parameter
CVSS 6.3
CVE-2024-7808 HIGH
fabian job_portal 1.0 - SQL Injection via logindbc.php Email Parameter
CVSS 7.3
CVE-2024-7800 MEDIUM
Simple Online Bidding System 1.0 - SQL Injection via admin/ajax.php id Parameter
CVSS 6.3
CVE-2024-7798 HIGH
Simple Online Bidding System 1.0 - SQL Injection via Username Parameter in Admin Login
CVSS 7.3
CVE-2024-7797 HIGH
Simple Online Bidding System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2024-7794 MEDIUM
itsourcecode Vehicle Management System 1.0 - SQL Injection via mybill.php id Parameter
CVSS 6.3
CVE-2024-7792 MEDIUM
SourceCodester Task Progress Tracker 1.0 - SQL Injection via task Parameter in delete-task.php
CVSS 6.3
CVE-2024-7732 CRITICAL
SECOM Dr.ID Attendance System < 3.5.0.0.0.5 - Unauthenticated SQL Injection via Page Parameter
CVSS 9.8
CVE-2024-7731 CRITICAL
SECOM Dr.ID Access Control < 3.6.3 - Unauthenticated SQL Injection via Page Parameter
CVSS 9.8
CVE-2024-7754 MEDIUM
Clinic's Patient Management System 1.0 - SQL Injection via user_name Parameter in check_medicine_name.php
CVSS 6.3
CVE-2024-7751 MEDIUM
Clinic's Patient Management System 1.0 - SQL Injection via hidden_id Parameter
CVSS 6.3
CVE-2024-7750 MEDIUM
Clinic's Patient Management System 1.0 - SQL Injection via medicine_name Parameter
CVSS 6.3
CVE-2024-7748 MEDIUM
SourceCodester Accounts Manager App 1.0 - SQL Injection via /endpoint/delete-account.php Account Parameter
CVSS 6.3
CVE-2024-43360 CRITICAL
ZoneMinder < 1.36.34 - Time-Based SQL Injection
CVSS 9.8
CVE-2024-7682 HIGH
code-projects Job Portal 1.0 - SQL Injection via rw_i_nat.php id Parameter
CVSS 7.3
CVE-2024-7681 HIGH
College Management System 1.0 - SQL Injection via Login Page Email/Password Parameter
CVSS 7.3
CVE-2024-7680 MEDIUM
Tailoring Management System 1.0 - SQL Injection via /incedit.php id Parameter
CVSS 6.3
CVE-2024-7676 MEDIUM
Sourcecodester Car Driving School Management System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2024-7669 MEDIUM
Car Driving School Management System 1.0 - SQL Injection via Master.php delete_enrollment id Parameter
CVSS 6.3
CVE-2024-7668 MEDIUM
SourceCodester Car Driving School Management System 1.0 - SQL Injection via Master.php delete_package id Parameter
CVSS 6.3
CVE-2024-7667 MEDIUM
Car Driving School Management System 1.0 - SQL Injection via User.php id Parameter
CVSS 6.3
CVE-2024-7666 MEDIUM
Car Driving School Management System 1.0 - SQL Injection via view_package.php id Parameter
CVSS 6.3
Details
Vulnerabilities 19,710
Exploit Likelihood High