CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,715 vulnerabilities with CWE-89
CVE-2024-7118 MEDIUM
Online-Payroll-Management-System <= 20230911 - SQL Injection via department_viewmore.php id Parameter
CVSS 6.3
CVE-2024-7117 MEDIUM
MD-MAFUJUL-HASAN Online-Payroll-Management-System - SQL Injection via shift_viewmore.php id Parameter
CVSS 6.3
CVE-2024-7116 MEDIUM
Online-Payroll-Management-System - SQL Injection via branch_viewmore.php id Parameter
CVSS 6.3
CVE-2024-7115 MEDIUM
Online-Payroll-Management-System up to 20230911 - SQL Injection via designation_viewmore.php id Parameter
CVSS 6.3
CVE-2024-7114 MEDIUM
Tianchoy Blog < 1.8.8 - SQL Injection via /so.php search Parameter
CVSS 6.3
CVE-2024-7105 MEDIUM
ForIP Tecnologia Administrao PABX 1.x - SQL Injection via Lista Ura Page id Parameter
CVSS 6.3
CVE-2024-38289 CRITICAL
R-HUB TurboMeeting <8.x - SQL Injection
CVSS 9.8
CVE-2024-7101 HIGH
ForIP Tecnologia Administração PABX 1.x - SQL Injection
CVSS 7.3
CVE-2024-7081 MEDIUM
Tailoring Management System 1.0 - SQL Injection via expcatadd.php id/title Parameter
CVSS 6.3
CVE-2024-41551 CRITICAL
CampCodes Supplier Management System 1.0 - SQL Injection via view_order_items.php id Parameter
CVSS 9.8
CVE-2024-41550 HIGH
CampCodes Supplier Management System v1.0 - SQL Injection via view_invoice_items.php id Parameter
CVSS 7.2
CVE-2024-7069 MEDIUM
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2024-40502 CRITICAL
Hospital Management System Project - ASP.Net MVC 1 - RCE
CVSS 9.8
CVE-2024-39250 CRITICAL
EfroTech Timetrax v8.3 - Unauthenticated SQL Injection via Search q Parameter
CVSS 9.8
CVE-2024-38788 HIGH
UiPress lite < 3.4.06 - SQL Injection
CVSS 7.6
CVE-2024-38773 CRITICAL
FormLift for Infusionsoft Web Forms <= 7.5.17 - Unauthenticated Blind SQL Injection
CVSS 9.3
CVE-2024-38755 HIGH
Designinvento DirectoryPress <3.6.10 - SQL Injection
CVSS 8.5
CVE-2024-38708 HIGH
UkrSolution Barcode Scanner <1.6.1 - SQL Injection
CVSS 8.5
CVE-2024-38692 HIGH
Spiffy Calendar <4.9.11 - SQL Injection
CVSS 7.6
CVE-2024-6970 MEDIUM
Tailoring Management System 1.0 - SQL Injection via /staffcatadd.php title Parameter
CVSS 6.3
CVE-2024-6969 MEDIUM
Clinics Patient Management System 1.0 - SQL Injection via patient_id Parameter
CVSS 6.3
CVE-2024-6968 MEDIUM
Clinics Patient Management System 1.0 - SQL Injection via Print Patients Visits Page
CVSS 6.3
CVE-2024-6967 MEDIUM
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via 'id' Parameter
CVSS 6.3
CVE-2024-6966 HIGH
Online Blood Bank Management System 1.0 - SQL Injection via Login Component
CVSS 7.3
CVE-2024-6957 HIGH
University Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
Details
Vulnerabilities 19,715
Exploit Likelihood High