CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,710 vulnerabilities with CWE-89
CVE-2024-7665
MEDIUM
SourceCodester Car Driving School Management System 1.0 - SQL Injection via manage_package.php id Parameter
CVSS 6.3
CVE-2024-7664
MEDIUM
SourceCodester Car Driving School Management System 1.0 - SQL Injection via view_details.php id Parameter
CVSS 6.3
CVE-2024-7663
MEDIUM
SourceCodester Car Driving School Management System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2024-7643
MEDIUM
SourceCodester Leads Manager Tool 1.0 - SQL Injection via Delete Leads Handler
CVSS 6.3
CVE-2024-7642
MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via activate_act.php id Parameter
CVSS 6.3
CVE-2024-7641
MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via deactivate_act.php id Parameter
CVSS 6.3
CVE-2024-7640
MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via case_register_id Parameter
CVSS 6.3
CVE-2024-7639
MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via delete_act.php id Parameter
CVSS 6.3
CVE-2024-7638
MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via delete_client.php id Parameter
CVSS 6.3
CVE-2024-7637
HIGH
Online Polling 1.0 - SQL Injection via Registration Email Parameter
CVSS 7.3
CVE-2024-7636
HIGH
Simple Ticket Booking 1.0 - SQL Injection via Login Email/Password Parameter
CVSS 7.3
CVE-2024-7635
HIGH
code-projects Simple Ticket Booking 1.0 - SQL Injection via Registration Handler
CVSS 7.3
CVE-2024-5527
HIGH
ManageEngine ADAudit Plus < 8110 - Authenticated SQL Injection in File Auditing Configuration
CVSS 8.3
CVE-2024-5487
HIGH
ManageEngine ADAudit Plus < 8110 - Authenticated SQL Injection in Attack Surface Analyzer Export Option
CVSS 8.3
CVE-2024-40486
CRITICAL
Kashipara Live Membership System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-40479
HIGH
Kashipara Online Exam System <1.0 - SQL Injection
CVSS 8.1
CVE-2024-40477
CRITICAL
PHPGurukul Old Age Home Management System <1.0 - SQL Injection
CVSS 9.8
CVE-2024-40472
CRITICAL
Sourcecodester Daily Calories Monitoring Tool v1.0 - SQL Injection
CVSS 9.8
CVE-2024-36518
HIGH
Zohocorp ManageEngine ADAudit Plus <8110 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-36035
HIGH
Zohocorp ManageEngine ADAudit Plus <8003 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-36034
HIGH
Zohocorp ManageEngine ADAudit Plus <8003 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-7477
MEDIUM
Avaya Aura System Manager 10.1.x.x-10.2.x.x - Authenticated SQL Injection via CLI
CVSS 6.5
CVE-2024-41238
MEDIUM
Kashipara Responsive School Management System v1.0 - SQL Injection via Student Login Username Parameter
CVSS 5.3
CVE-2024-42357
HIGH
Shopware < 6.5.8.13 - SQL Injection via Aggregation Name Parameter
CVSS 7.3
CVE-2024-7548
HIGH
LearnPress < 4.2.6.9.3 - Authenticated Time-Based SQL Injection via Order Parameter
CVSS 8.8
Details
Vulnerabilities
19,710
Exploit Likelihood
High