CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,710 vulnerabilities with CWE-89
CVE-2024-7369 HIGH
Simple Realtime Quiz System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2024-7366 HIGH
SourceCodester Tracking Monitoring Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2024-7365 MEDIUM
Tracking Monitoring Management System 1.0 - SQL Injection via /manage_establishment.php id Parameter
CVSS 6.3
CVE-2024-7364 MEDIUM
SourceCodester Tracking Monitoring Management System 1.0 - SQL Injection via /manage_records.php id Parameter
CVSS 6.3
CVE-2024-7363 MEDIUM
SourceCodester Tracking Monitoring Management System 1.0 - SQL Injection via /manage_person.php id Parameter
CVSS 6.3
CVE-2024-7362 MEDIUM
SourceCodester Tracking Monitoring Management System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2024-7361 MEDIUM
SourceCodester Tracking Monitoring Management System 1.0 - SQL Injection via id Parameter in /ajax.php
CVSS 6.3
CVE-2024-5678 MEDIUM
ManageEngine Applications Manager <= 170900 - Authenticated SQL Injection in Create Monitor Feature
CVSS 4.7
CVE-2024-7327 MEDIUM
RockOA Xinhu 2.6.2 - SQL Injection via nickName Parameter in openmodhetongAction.php
CVSS 6.3
CVE-2024-7320 HIGH
Online Blood Bank Management System 1.0 - SQL Injection via Admin Login User Parameter
CVSS 7.3
CVE-2024-7311 HIGH
Online Bus Reservation Site 1.0 - SQL Injection via Email Parameter in register.php
CVSS 7.3
CVE-2024-7308 MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /view_bill.php id Parameter
CVSS 6.3
CVE-2024-7307 MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /manage_billing.php id Parameter
CVSS 6.3
CVE-2024-7306 MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /manage_block.php id Parameter
CVSS 6.3
CVE-2024-7290 MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /manage_tenant.php id Parameter
CVSS 6.3
CVE-2024-7289 MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /manage_payment.php id Parameter
CVSS 6.3
CVE-2024-7288 MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /ajax.php id Parameter
CVSS 6.3
CVE-2024-7287 MEDIUM
SourceCodester Establishment Billing Management System 1.0 - SQL Injection via /manage_user.php id Parameter
CVSS 6.3
CVE-2024-7286 HIGH
Establishment Billing Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2024-7283 MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /admin/manage_user.php id Parameter
CVSS 6.3
CVE-2024-7282 MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /admin/manage_model.php id Parameter
CVSS 6.3
CVE-2024-7281 MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /admin/index.php?page=manage_lot id Parameter
CVSS 6.3
CVE-2024-7280 MEDIUM
Oretnom23 Lot Reservation Management System - SQL Injection
CVSS 6.3
CVE-2024-7279 HIGH
Lot Reservation Management System 1.0 - SQL Injection via Username Parameter in Admin Login
CVSS 7.3
CVE-2024-7278 MEDIUM
restaurant_management_system - SQL Injection via team Parameter in /admin/team_save.php
CVSS 4.7
Details
Vulnerabilities 19,710
Exploit Likelihood High