CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,715 vulnerabilities with CWE-89
CVE-2024-7282 MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /admin/manage_model.php id Parameter
CVSS 6.3
CVE-2024-7281 MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /admin/index.php?page=manage_lot id Parameter
CVSS 6.3
CVE-2024-7280 MEDIUM
Oretnom23 Lot Reservation Management System - SQL Injection
CVSS 6.3
CVE-2024-7279 HIGH
Lot Reservation Management System 1.0 - SQL Injection via Username Parameter in Admin Login
CVSS 7.3
CVE-2024-7278 MEDIUM
restaurant_management_system - SQL Injection via team Parameter in /admin/team_save.php
CVSS 4.7
CVE-2024-7276 MEDIUM
restaurant_management_system - SQL Injection via last/first Parameter in member_save.php
CVSS 4.7
CVE-2024-7275 MEDIUM
Alton Management System 1.0 - SQL Injection via Category Parameter
CVSS 4.7
CVE-2024-7274 MEDIUM
itsourcecode Alton Management System 1.0 - SQL Injection via Reservation Status rcode Parameter
CVSS 4.7
CVE-2024-7273 MEDIUM
restaurant_management_system - SQL Injection via search.php rcode Parameter
CVSS 6.3
CVE-2024-41944 MEDIUM
Xibo <3.3.12, <4.0.14 - SQL Injection
CVSS 6.5
CVE-2024-41915 HIGH
ClearPass Policy Manager 6.11.0-6.11.8 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-41804 MEDIUM
Xibo 2.1.0-3.3.12 - Authenticated SQL Injection via DataSet Column Formula Parameter
CVSS 6.5
CVE-2024-41803 MEDIUM
Xibo 2.1.0-3.3.12 - Authenticated SQL Injection via DataSet Filtering API
CVSS 4.9
CVE-2024-41802 HIGH
Xibo 2.1.0-3.3.12 - Authenticated SQL Injection via DataSet Filtering API
CVSS 8.1
CVE-2024-6699 CRITICAL
Mikafon MA7 3.0-3.1 - SQL Injection
CVSS 9.8
CVE-2024-41702 CRITICAL
SiberianCMS < 5.0.11 - SQL Injection
CVSS 9.8
CVE-2024-7224 MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /lot_details.php id Parameter
CVSS 6.3
CVE-2024-7223 MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /view_model.php id Parameter
CVSS 6.3
CVE-2024-7222 MEDIUM
Lot Reservation Management System 1.0 - SQL Injection via /home.php Type Parameter
CVSS 6.3
CVE-2024-7221 MEDIUM
School Log Management System 1.0 - SQL Injection via ID Parameter in manage_user.php
CVSS 6.3
CVE-2024-7220 MEDIUM
School Log Management System 1.0 - SQL Injection via tbl Parameter in print_barcode.php
CVSS 6.3
CVE-2024-7219 HIGH
School Log Management System 1.0 - SQL Injection via Username Parameter in /admin/ajax.php
CVSS 7.3
CVE-2024-5975 CRITICAL
CZ Loan Management < 1.1 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.1
CVE-2024-5765 CRITICAL
WpStickyBar < 2.1.0 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2024-37858 CRITICAL
Lost and Found Information System 1.0 - SQL Injection via id Parameter
CVSS 9.8
Details
Vulnerabilities 19,715
Exploit Likelihood High