CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,715 vulnerabilities with CWE-89
CVE-2024-37857 HIGH
Lost and Found Information System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2024-6748 HIGH
Zohocorp ManageEngine <128317 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-37906 CRITICAL
Admidio < 4.3.9 - Authenticated SQL Injection via ecard_recipients POST Parameter
CVSS 9.9
CVE-2024-7199 MEDIUM
Complaints Report Management System 1.0 - SQL Injection via /admin/manage_user.php id Parameter
CVSS 6.3
CVE-2024-7198 MEDIUM
Complaints Report Management System 1.0 - SQL Injection via /admin/manage_station.php id Parameter
CVSS 6.3
CVE-2024-7197 MEDIUM
SourceCodester Complaints Report Management System 1.0 - SQL Injection via /admin/manage_complaint.php id Parameter
CVSS 6.3
CVE-2024-7196 HIGH
Complaints Report Management System 1.0 - SQL Injection via Username Parameter in Admin Login
CVSS 7.3
CVE-2024-7195 MEDIUM
Society Management System 1.0 - SQL Injection via Username Parameter in check_admin.php
CVSS 6.3
CVE-2024-7194 MEDIUM
Society Management System 1.0 - SQL Injection via check_student.php student_id Parameter
CVSS 6.3
CVE-2024-7191 MEDIUM
Society Management System 1.0 - SQL Injection via student_id Parameter in get_balance.php
CVSS 6.3
CVE-2024-7190 MEDIUM
Society Management System 1.0 - SQL Injection via expenses_id Parameter
CVSS 6.3
CVE-2024-7188 HIGH
Bylancer Quicklancer 2.4 - SQL Injection via GET Parameter range2
CVSS 7.3
CVE-2024-37381 HIGH
Ivanti Endpoint Manager 2024 - Authenticated SQL Injection
CVSS 8.0
CVE-2024-7202 CRITICAL
WinMatrix3 < 1.2.35.3 - Unauthenticated SQL Injection via Query Functionality
CVSS 9.8
CVE-2024-7201 CRITICAL
WinMatrix3 < 1.2.33.3 - Unauthenticated SQL Injection via Login Functionality
CVSS 9.8
CVE-2024-7168 MEDIUM
SourceCodester School Fees Payment System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2024-7167 MEDIUM
SourceCodester School Fees Payment System 1.0 - SQL Injection via manage_course.php id Parameter
CVSS 6.3
CVE-2024-7166 MEDIUM
School Fees Payment System 1.0 - SQL Injection via receipt.php ef_id Parameter
CVSS 6.3
CVE-2024-7165 MEDIUM
School Fees Payment System 1.0 - SQL Injection via ef_id Parameter
CVSS 6.3
CVE-2024-7164 HIGH
SourceCodester School Fees Payment System 1.0 - SQL Injection via Username Parameter in Login Action
CVSS 7.3
CVE-2024-39304 HIGH
ChurchCRM < 5.9.2 - Authenticated SQL Injection via EID Parameter in GetText.php
CVSS 8.8
CVE-2024-38872 HIGH
ManageEngine Exchange Reporter Plus <= 5717 - Authenticated SQL Injection in Monitoring Module
CVSS 8.3
CVE-2024-38871 HIGH
ManageEngine Exchange Reporter Plus <= 5717 - Authenticated SQL Injection in Reports Module
CVSS 8.3
CVE-2024-40689 MEDIUM
IBM InfoSphere Information Server 11.7 - SQL Injection
CVSS 6.0
CVE-2024-7119 MEDIUM
Online-Payroll-Management-System - SQL Injection via id Parameter in employee_viewmore.php
CVSS 6.3
Details
Vulnerabilities 19,715
Exploit Likelihood High