CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,710 vulnerabilities with CWE-89
CVE-2024-7369
HIGH
Simple Realtime Quiz System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2024-7366
HIGH
SourceCodester Tracking Monitoring Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2024-7365
MEDIUM
Tracking Monitoring Management System 1.0 - SQL Injection via /manage_establishment.php id Parameter
CVSS 6.3
CVE-2024-7364
MEDIUM
SourceCodester Tracking Monitoring Management System 1.0 - SQL Injection via /manage_records.php id Parameter
CVSS 6.3
CVE-2024-7363
MEDIUM
SourceCodester Tracking Monitoring Management System 1.0 - SQL Injection via /manage_person.php id Parameter
CVSS 6.3
CVE-2024-7362
MEDIUM
SourceCodester Tracking Monitoring Management System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2024-7361
MEDIUM
SourceCodester Tracking Monitoring Management System 1.0 - SQL Injection via id Parameter in /ajax.php
CVSS 6.3
CVE-2024-5678
MEDIUM
ManageEngine Applications Manager <= 170900 - Authenticated SQL Injection in Create Monitor Feature
CVSS 4.7
CVE-2024-7327
MEDIUM
RockOA Xinhu 2.6.2 - SQL Injection via nickName Parameter in openmodhetongAction.php
CVSS 6.3
CVE-2024-7320
HIGH
Online Blood Bank Management System 1.0 - SQL Injection via Admin Login User Parameter
CVSS 7.3
CVE-2024-7311
HIGH
Online Bus Reservation Site 1.0 - SQL Injection via Email Parameter in register.php
CVSS 7.3
CVE-2024-7308
MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /view_bill.php id Parameter
CVSS 6.3
CVE-2024-7307
MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /manage_billing.php id Parameter
CVSS 6.3
CVE-2024-7306
MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /manage_block.php id Parameter
CVSS 6.3
CVE-2024-7290
MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /manage_tenant.php id Parameter
CVSS 6.3
CVE-2024-7289
MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /manage_payment.php id Parameter
CVSS 6.3
CVE-2024-7288
MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /ajax.php id Parameter
CVSS 6.3
CVE-2024-7287
MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /manage_user.php id Parameter
CVSS 6.3
CVE-2024-7286
HIGH
Establishment Billing Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2024-7283
MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /admin/manage_user.php id Parameter
CVSS 6.3
CVE-2024-7282
MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /admin/manage_model.php id Parameter
CVSS 6.3
CVE-2024-7281
MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /admin/index.php?page=manage_lot id Parameter
CVSS 6.3
CVE-2024-7280
MEDIUM
Oretnom23 Lot Reservation Management System - SQL Injection
CVSS 6.3
CVE-2024-7279
HIGH
Lot Reservation Management System 1.0 - SQL Injection via Username Parameter in Admin Login
CVSS 7.3
CVE-2024-7278
MEDIUM
restaurant_management_system - SQL Injection via team Parameter in /admin/team_save.php
CVSS 4.7
Details
Vulnerabilities
19,710
Exploit Likelihood
High