CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,710 vulnerabilities with CWE-89
CVE-2024-7499
MEDIUM
Airline Reservation System 1.0 - SQL Injection via flights.php departure_airport_id Parameter
CVSS 6.3
CVE-2024-7498
HIGH
Airline Reservation System 1.0 - SQL Injection via Admin Login Page Username Parameter
CVSS 7.3
CVE-2024-7494
MEDIUM
Clinic's Patient Management System 1.0 - SQL Injection via new_prescription.php Patient Parameter
CVSS 6.3
CVE-2024-40498
CRITICAL
PuneethReddyHC Online Shopping <1.0 - SQL Injection
CVSS 9.8
CVE-2024-7461
HIGH
ForIP Tecnologia Administrao PABX 1.x - SQL Injection via /authMonitCallcenter User Parameter
CVSS 7.3
CVE-2024-7455
MEDIUM
Tailoring Management System 1.0 - SQL Injection via partedit.php id Parameter
CVSS 6.3
CVE-2024-7454
MEDIUM
Clinics Patient Management System 1.0 - SQL Injection via patient_name Parameter in patients.php
CVSS 6.3
CVE-2024-7452
MEDIUM
Placement Management System 1.0 - SQL Injection via view_company.php id Parameter
CVSS 6.3
CVE-2024-7451
MEDIUM
Placement Management System 1.0 - SQL Injection via apply_now.php id Parameter
CVSS 6.3
CVE-2024-7449
HIGH
Placement Management System 1.0 - SQL Injection via login.php Email Parameter
CVSS 7.3
CVE-2024-7446
MEDIUM
Ticket Reservation System 1.0 - SQL Injection via prefSeat_id Parameter
CVSS 4.7
CVE-2024-7445
MEDIUM
Ticket Reservation System 1.0 - SQL Injection via checkout_ticket_save.php data Parameter
CVSS 4.7
CVE-2024-7444
HIGH
Ticket Reservation System 1.0 - SQL Injection via Login Page Username Parameter
CVSS 7.3
CVE-2024-38889
CRITICAL
Caterease 16.0.1.1663-24.0.1.2405 - SQL Injection
CVSS 9.8
CVE-2024-28298
HIGH
BMPlanning 1.0.0.1 - Authenticated SQL Injection via SEC_IDF Parameter
CVSS 8.8
CVE-2024-28297
HIGH
AzureSoft MyHorus 4.3.5 - SQL Injection
CVSS 7.5
CVE-2024-7378
MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via /manage_question.php id Parameter
CVSS 6.3
CVE-2024-7377
MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via qid Parameter in view_result.php
CVSS 6.3
CVE-2024-7376
MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via /print_quiz_records.php id Parameter
CVSS 6.3
CVE-2024-7375
MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via quiz Parameter in my_quiz_result.php
CVSS 6.3
CVE-2024-7374
MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via /manage_user.php id Parameter
CVSS 6.3
CVE-2024-7373
MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via ajax.php id Parameter
CVSS 6.3
CVE-2024-7372
MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via Quiz Parameter in quiz_board.php
CVSS 6.3
CVE-2024-7371
MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via quiz_view.php id Parameter
CVSS 6.3
CVE-2024-7370
MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via /manage_quiz.php id Parameter
CVSS 6.3
Details
Vulnerabilities
19,710
Exploit Likelihood
High