CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,710 vulnerabilities with CWE-89
CVE-2024-7150 HIGH
10web Slider < 1.2.57 - Authenticated Time-Based SQL Injection via ID Parameter
CVSS 8.8
CVE-2024-41237 CRITICAL
Kashipara Responsive School Management System 1.0 - SQL Injection via Teacher Login Username Parameter
CVSS 9.8
CVE-2024-34480 CRITICAL
SourceCodester Computer Lab Mgt Sys 1.0 - SQL Injection
CVSS 9.8
CVE-2024-34479 CRITICAL
SourceCodester Computer Lab Mgmt Sys 1.0 - SQL Injection
CVSS 9.8
CVE-2024-42005 HIGH
Django 4.2-4.2.14 and 5.0-5.0.7 - SQL Injection via JSONField QuerySet.values() Column Alias
CVSS 7.3
CVE-2024-33974 CRITICAL
janobe school_attendence_monitoring_system 1.0 - SQL Injection via /report/printlogs.php Users Parameter
CVSS 9.8
CVE-2024-33973 CRITICAL
PayPal, Credit Card & Debit Card Payment 1.0 - SQL Injection
CVSS 9.8
CVE-2024-33972 CRITICAL
janobe Credit Card, Debit Card Payment, PayPal 1.0 - SQL Injection via Event Print Parameter
CVSS 9.8
CVE-2024-33971 CRITICAL
janobe Credit Card, Debit Card Payment, and PayPal 1.0 - SQL Injection via Login Username Parameter
CVSS 9.8
CVE-2024-33970 CRITICAL
janobe Credit Card, Debit Card Payment, and PayPal 1.0 - SQL Injection via studid Parameter
CVSS 9.8
CVE-2024-33969 CRITICAL
PayPal, Credit Card & Debit Card Payment <1.0 - SQL Injection
CVSS 9.8
CVE-2024-33968 CRITICAL
PayPal, Credit Card & Debit Card Payment <1.0 - SQL Injection
CVSS 9.8
CVE-2024-33967 CRITICAL
PayPal, Credit Card & Debit Card Payment <1.0 - SQL Injection
CVSS 9.8
CVE-2024-33966 CRITICAL
PayPal, Credit Card & Debit Card Payment <1.0 - SQL Injection
CVSS 9.8
CVE-2024-33965 CRITICAL
PayPal, Credit Card & Debit Card Payment <1.0 - SQL Injection
CVSS 9.8
CVE-2024-33964 CRITICAL
PayPal, Credit Card & Debit Card Payment <1.0 - SQL Injection
CVSS 9.8
CVE-2024-33963 CRITICAL
janobe Credit Card, Debit Card Payment, and PayPal 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-33962 CRITICAL
PayPal, Credit Card & Debit Card Payment <1.0 - SQL Injection
CVSS 9.8
CVE-2024-33961 CRITICAL
PayPal, Credit Card & Debit Card Payment <1.0 - SQL Injection
CVSS 9.8
CVE-2024-33960 CRITICAL
PayPal, Credit Card & Debit Card Payment <1.0 - SQL Injection
CVSS 9.8
CVE-2024-33959 CRITICAL
PayPal, Credit Card & Debit Card Payment 1.0 - SQL Injection
CVSS 9.8
CVE-2024-33958 CRITICAL
E-Negosyo System <1.0 - SQL Injection
CVSS 9.8
CVE-2024-33957 CRITICAL
E-Negosyo System <1.0 - SQL Injection
CVSS 9.8
CVE-2024-7505 HIGH
Bike Delivery System 1.0 - SQL Injection via contact_us_action.php name Parameter
CVSS 7.3
CVE-2024-7009 MEDIUM
calibre <= 7.15.0 - Authenticated SQL Injection via Full-Text Search
CVSS 4.2
Details
Vulnerabilities 19,710
Exploit Likelihood High