CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,715 vulnerabilities with CWE-89
CVE-2024-37857
HIGH
Lost and Found Information System 1.0 - SQL Injection via id Parameter
CVSS 8.8
CVE-2024-6748
HIGH
Zohocorp ManageEngine <128317 - Authenticated SQL Injection
CVSS 8.3
CVE-2024-37906
CRITICAL
Admidio < 4.3.9 - Authenticated SQL Injection via ecard_recipients POST Parameter
CVSS 9.9
CVE-2024-7199
MEDIUM
Complaints Report Management System 1.0 - SQL Injection via /admin/manage_user.php id Parameter
CVSS 6.3
CVE-2024-7198
MEDIUM
Complaints Report Management System 1.0 - SQL Injection via /admin/manage_station.php id Parameter
CVSS 6.3
CVE-2024-7197
MEDIUM
SourceCodester Complaints Report Management System 1.0 - SQL Injection via /admin/manage_complaint.php id Parameter
CVSS 6.3
CVE-2024-7196
HIGH
Complaints Report Management System 1.0 - SQL Injection via Username Parameter in Admin Login
CVSS 7.3
CVE-2024-7195
MEDIUM
Society Management System 1.0 - SQL Injection via Username Parameter in check_admin.php
CVSS 6.3
CVE-2024-7194
MEDIUM
Society Management System 1.0 - SQL Injection via check_student.php student_id Parameter
CVSS 6.3
CVE-2024-7191
MEDIUM
Society Management System 1.0 - SQL Injection via student_id Parameter in get_balance.php
CVSS 6.3
CVE-2024-7190
MEDIUM
Society Management System 1.0 - SQL Injection via expenses_id Parameter
CVSS 6.3
CVE-2024-7188
HIGH
Bylancer Quicklancer 2.4 - SQL Injection via GET Parameter range2
CVSS 7.3
CVE-2024-37381
HIGH
Ivanti Endpoint Manager 2024 - Authenticated SQL Injection
CVSS 8.0
CVE-2024-7202
CRITICAL
WinMatrix3 < 1.2.35.3 - Unauthenticated SQL Injection via Query Functionality
CVSS 9.8
CVE-2024-7201
CRITICAL
WinMatrix3 < 1.2.33.3 - Unauthenticated SQL Injection via Login Functionality
CVSS 9.8
CVE-2024-7168
MEDIUM
SourceCodester School Fees Payment System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2024-7167
MEDIUM
SourceCodester School Fees Payment System 1.0 - SQL Injection via manage_course.php id Parameter
CVSS 6.3
CVE-2024-7166
MEDIUM
School Fees Payment System 1.0 - SQL Injection via receipt.php ef_id Parameter
CVSS 6.3
CVE-2024-7165
MEDIUM
School Fees Payment System 1.0 - SQL Injection via ef_id Parameter
CVSS 6.3
CVE-2024-7164
HIGH
SourceCodester School Fees Payment System 1.0 - SQL Injection via Username Parameter in Login Action
CVSS 7.3
CVE-2024-39304
HIGH
ChurchCRM < 5.9.2 - Authenticated SQL Injection via EID Parameter in GetText.php
CVSS 8.8
CVE-2024-38872
HIGH
ManageEngine Exchange Reporter Plus <= 5717 - Authenticated SQL Injection in Monitoring Module
CVSS 8.3
CVE-2024-38871
HIGH
ManageEngine Exchange Reporter Plus <= 5717 - Authenticated SQL Injection in Reports Module
CVSS 8.3
CVE-2024-40689
MEDIUM
IBM InfoSphere Information Server 11.7 - SQL Injection
CVSS 6.0
CVE-2024-7119
MEDIUM
Online-Payroll-Management-System - SQL Injection via id Parameter in employee_viewmore.php
CVSS 6.3
Details
Vulnerabilities
19,715
Exploit Likelihood
High