CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,715 vulnerabilities with CWE-89
CVE-2024-7282
MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /admin/manage_model.php id Parameter
CVSS 6.3
CVE-2024-7281
MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /admin/index.php?page=manage_lot id Parameter
CVSS 6.3
CVE-2024-7280
MEDIUM
Oretnom23 Lot Reservation Management System - SQL Injection
CVSS 6.3
CVE-2024-7279
HIGH
Lot Reservation Management System 1.0 - SQL Injection via Username Parameter in Admin Login
CVSS 7.3
CVE-2024-7278
MEDIUM
restaurant_management_system - SQL Injection via team Parameter in /admin/team_save.php
CVSS 4.7
CVE-2024-7276
MEDIUM
restaurant_management_system - SQL Injection via last/first Parameter in member_save.php
CVSS 4.7
CVE-2024-7275
MEDIUM
Alton Management System 1.0 - SQL Injection via Category Parameter
CVSS 4.7
CVE-2024-7274
MEDIUM
itsourcecode Alton Management System 1.0 - SQL Injection via Reservation Status rcode Parameter
CVSS 4.7
CVE-2024-7273
MEDIUM
restaurant_management_system - SQL Injection via search.php rcode Parameter
CVSS 6.3
CVE-2024-41944
MEDIUM
Xibo <3.3.12, <4.0.14 - SQL Injection
CVSS 6.5
CVE-2024-41915
HIGH
ClearPass Policy Manager 6.11.0-6.11.8 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-41804
MEDIUM
Xibo 2.1.0-3.3.12 - Authenticated SQL Injection via DataSet Column Formula Parameter
CVSS 6.5
CVE-2024-41803
MEDIUM
Xibo 2.1.0-3.3.12 - Authenticated SQL Injection via DataSet Filtering API
CVSS 4.9
CVE-2024-41802
HIGH
Xibo 2.1.0-3.3.12 - Authenticated SQL Injection via DataSet Filtering API
CVSS 8.1
CVE-2024-6699
CRITICAL
Mikafon MA7 3.0-3.1 - SQL Injection
CVSS 9.8
CVE-2024-41702
CRITICAL
SiberianCMS < 5.0.11 - SQL Injection
CVSS 9.8
CVE-2024-7224
MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /lot_details.php id Parameter
CVSS 6.3
CVE-2024-7223
MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /view_model.php id Parameter
CVSS 6.3
CVE-2024-7222
MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /home.php Type Parameter
CVSS 6.3
CVE-2024-7221
MEDIUM
School Log Management System 1.0 - SQL Injection via ID Parameter in manage_user.php
CVSS 6.3
CVE-2024-7220
MEDIUM
School Log Management System 1.0 - SQL Injection via tbl Parameter in print_barcode.php
CVSS 6.3
CVE-2024-7219
HIGH
School Log Management System 1.0 - SQL Injection via Username Parameter in /admin/ajax.php
CVSS 7.3
CVE-2024-5975
CRITICAL
CZ Loan Management < 1.1 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.1
CVE-2024-5765
CRITICAL
WpStickyBar < 2.1.0 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2024-37858
CRITICAL
Lost and Found Information System 1.0 - SQL Injection via id Parameter
CVSS 9.8
Details
Vulnerabilities
19,715
Exploit Likelihood
High