CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,710 vulnerabilities with CWE-89
CVE-2024-7665 MEDIUM
SourceCodester Car Driving School Management System 1.0 - SQL Injection via manage_package.php id Parameter
CVSS 6.3
CVE-2024-7664 MEDIUM
SourceCodester Car Driving School Management System 1.0 - SQL Injection via view_details.php id Parameter
CVSS 6.3
CVE-2024-7663 MEDIUM
SourceCodester Car Driving School Management System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2024-7643 MEDIUM
SourceCodester Leads Manager Tool 1.0 - SQL Injection via Delete Leads Handler
CVSS 6.3
CVE-2024-7642 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via activate_act.php id Parameter
CVSS 6.3
CVE-2024-7641 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via deactivate_act.php id Parameter
CVSS 6.3
CVE-2024-7640 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via case_register_id Parameter
CVSS 6.3
CVE-2024-7639 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via delete_act.php id Parameter
CVSS 6.3
CVE-2024-7638 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via delete_client.php id Parameter
CVSS 6.3
CVE-2024-7637 HIGH
Online Polling 1.0 - SQL Injection via Registration Email Parameter
CVSS 7.3
CVE-2024-7636 HIGH
Simple Ticket Booking 1.0 - SQL Injection via Login Email/Password Parameter
CVSS 7.3
CVE-2024-7635 HIGH
code-projects Simple Ticket Booking 1.0 - SQL Injection via Registration Handler
CVSS 7.3
CVE-2024-5527 HIGH
ManageEngine ADAudit Plus < 8110 - Authenticated SQL Injection in File Auditing Configuration
CVSS 8.3
CVE-2024-5487 HIGH
ManageEngine ADAudit Plus < 8110 - Authenticated SQL Injection in Attack Surface Analyzer Export Option
CVSS 8.3
CVE-2024-40486 CRITICAL
Kashipara Live Membership System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-40479 HIGH
Kashipara Online Exam System <1.0 - SQL Injection
CVSS 8.1
CVE-2024-40477 CRITICAL
PHPGurukul Old Age Home Management System <1.0 - SQL Injection
CVSS 9.8
CVE-2024-40472 CRITICAL
Sourcecodester Daily Calories Monitoring Tool v1.0 - SQL Injection
CVSS 9.8
CVE-2024-36518 HIGH
Zohocorp ManageEngine ADAudit Plus <8110 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-36035 HIGH
Zohocorp ManageEngine ADAudit Plus <8003 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-36034 HIGH
Zohocorp ManageEngine ADAudit Plus <8003 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-7477 MEDIUM
Avaya Aura System Manager 10.1.x.x-10.2.x.x - Authenticated SQL Injection via CLI
CVSS 6.5
CVE-2024-41238 MEDIUM
Kashipara Responsive School Management System v1.0 - SQL Injection via Student Login Username Parameter
CVSS 5.3
CVE-2024-42357 HIGH
Shopware < 6.5.8.13 - SQL Injection via Aggregation Name Parameter
CVSS 7.3
CVE-2024-7548 HIGH
LearnPress < 4.2.6.9.3 - Authenticated Time-Based SQL Injection via Order Parameter
CVSS 8.8
Details
Vulnerabilities 19,710
Exploit Likelihood High