CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,710 vulnerabilities with CWE-89
CVE-2024-7499 MEDIUM
Airline Reservation System 1.0 - SQL Injection via flights.php departure_airport_id Parameter
CVSS 6.3
CVE-2024-7498 HIGH
Airline Reservation System 1.0 - SQL Injection via Admin Login Page Username Parameter
CVSS 7.3
CVE-2024-7494 MEDIUM
Clinic's Patient Management System 1.0 - SQL Injection via new_prescription.php Patient Parameter
CVSS 6.3
CVE-2024-40498 CRITICAL
PuneethReddyHC Online Shopping <1.0 - SQL Injection
CVSS 9.8
CVE-2024-7461 HIGH
ForIP Tecnologia Administrao PABX 1.x - SQL Injection via /authMonitCallcenter User Parameter
CVSS 7.3
CVE-2024-7455 MEDIUM
Tailoring Management System 1.0 - SQL Injection via partedit.php id Parameter
CVSS 6.3
CVE-2024-7454 MEDIUM
Clinics Patient Management System 1.0 - SQL Injection via patient_name Parameter in patients.php
CVSS 6.3
CVE-2024-7452 MEDIUM
Placement Management System 1.0 - SQL Injection via view_company.php id Parameter
CVSS 6.3
CVE-2024-7451 MEDIUM
Placement Management System 1.0 - SQL Injection via apply_now.php id Parameter
CVSS 6.3
CVE-2024-7449 HIGH
Placement Management System 1.0 - SQL Injection via login.php Email Parameter
CVSS 7.3
CVE-2024-7446 MEDIUM
Ticket Reservation System 1.0 - SQL Injection via prefSeat_id Parameter
CVSS 4.7
CVE-2024-7445 MEDIUM
Ticket Reservation System 1.0 - SQL Injection via checkout_ticket_save.php data Parameter
CVSS 4.7
CVE-2024-7444 HIGH
Ticket Reservation System 1.0 - SQL Injection via Login Page Username Parameter
CVSS 7.3
CVE-2024-38889 CRITICAL
Caterease 16.0.1.1663-24.0.1.2405 - SQL Injection
CVSS 9.8
CVE-2024-28298 HIGH
BMPlanning 1.0.0.1 - Authenticated SQL Injection via SEC_IDF Parameter
CVSS 8.8
CVE-2024-28297 HIGH
AzureSoft MyHorus 4.3.5 - SQL Injection
CVSS 7.5
CVE-2024-7378 MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via /manage_question.php id Parameter
CVSS 6.3
CVE-2024-7377 MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via qid Parameter in view_result.php
CVSS 6.3
CVE-2024-7376 MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via /print_quiz_records.php id Parameter
CVSS 6.3
CVE-2024-7375 MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via quiz Parameter in my_quiz_result.php
CVSS 6.3
CVE-2024-7374 MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via /manage_user.php id Parameter
CVSS 6.3
CVE-2024-7373 MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via ajax.php id Parameter
CVSS 6.3
CVE-2024-7372 MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via Quiz Parameter in quiz_board.php
CVSS 6.3
CVE-2024-7371 MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via quiz_view.php id Parameter
CVSS 6.3
CVE-2024-7370 MEDIUM
Simple Realtime Quiz System 1.0 - SQL Injection via /manage_quiz.php id Parameter
CVSS 6.3
Details
Vulnerabilities 19,710
Exploit Likelihood High