CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,715 vulnerabilities with CWE-89
CVE-2024-7118
MEDIUM
Online-Payroll-Management-System <= 20230911 - SQL Injection via department_viewmore.php id Parameter
CVSS 6.3
CVE-2024-7117
MEDIUM
MD-MAFUJUL-HASAN Online-Payroll-Management-System - SQL Injection via shift_viewmore.php id Parameter
CVSS 6.3
CVE-2024-7116
MEDIUM
Online-Payroll-Management-System - SQL Injection via branch_viewmore.php id Parameter
CVSS 6.3
CVE-2024-7115
MEDIUM
Online-Payroll-Management-System up to 20230911 - SQL Injection via designation_viewmore.php id Parameter
CVSS 6.3
CVE-2024-7114
MEDIUM
Tianchoy Blog < 1.8.8 - SQL Injection via /so.php search Parameter
CVSS 6.3
CVE-2024-7105
MEDIUM
ForIP Tecnologia Administrao PABX 1.x - SQL Injection via Lista Ura Page id Parameter
CVSS 6.3
CVE-2024-38289
CRITICAL
R-HUB TurboMeeting <8.x - SQL Injection
CVSS 9.8
CVE-2024-7101
HIGH
ForIP Tecnologia Administração PABX 1.x - SQL Injection
CVSS 7.3
CVE-2024-7081
MEDIUM
Tailoring Management System 1.0 - SQL Injection via expcatadd.php id/title Parameter
CVSS 6.3
CVE-2024-41551
CRITICAL
CampCodes Supplier Management System 1.0 - SQL Injection via view_order_items.php id Parameter
CVSS 9.8
CVE-2024-41550
HIGH
CampCodes Supplier Management System v1.0 - SQL Injection via view_invoice_items.php id Parameter
CVSS 7.2
CVE-2024-7069
MEDIUM
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2024-40502
CRITICAL
Hospital Management System Project - ASP.Net MVC 1 - RCE
CVSS 9.8
CVE-2024-39250
CRITICAL
EfroTech Timetrax v8.3 - Unauthenticated SQL Injection via Search q Parameter
CVSS 9.8
CVE-2024-38788
HIGH
UiPress lite < 3.4.06 - SQL Injection
CVSS 7.6
CVE-2024-38773
CRITICAL
FormLift for Infusionsoft Web Forms <= 7.5.17 - Unauthenticated Blind SQL Injection
CVSS 9.3
CVE-2024-38755
HIGH
Designinvento DirectoryPress <3.6.10 - SQL Injection
CVSS 8.5
CVE-2024-38708
HIGH
UkrSolution Barcode Scanner <1.6.1 - SQL Injection
CVSS 8.5
CVE-2024-38692
HIGH
Spiffy Calendar <4.9.11 - SQL Injection
CVSS 7.6
CVE-2024-6970
MEDIUM
Tailoring Management System 1.0 - SQL Injection via /staffcatadd.php title Parameter
CVSS 6.3
CVE-2024-6969
MEDIUM
Clinics Patient Management System 1.0 - SQL Injection via patient_id Parameter
CVSS 6.3
CVE-2024-6968
MEDIUM
Clinics Patient Management System 1.0 - SQL Injection via Print Patients Visits Page
CVSS 6.3
CVE-2024-6967
MEDIUM
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via 'id' Parameter
CVSS 6.3
CVE-2024-6966
HIGH
Online Blood Bank Management System 1.0 - SQL Injection via Login Component
CVSS 7.3
CVE-2024-6957
HIGH
University Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
Details
Vulnerabilities
19,715
Exploit Likelihood
High