CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,715 vulnerabilities with CWE-89
CVE-2024-6956 MEDIUM
University Management System 1.0 - SQL Injection via VR/VN Parameter in /view_cgpa.php
CVSS 6.3
CVE-2024-6953 MEDIUM
Tailoring Management System 1.0 - SQL Injection via customer Parameter in sms.php
CVSS 6.3
CVE-2024-6952 MEDIUM
University Management System 1.0 - SQL Injection via seme Parameter
CVSS 6.3
CVE-2024-6951 MEDIUM
Simple Online Book Store System 1.0 - SQL Injection via admin_delete.php bookisbn Parameter
CVSS 6.3
CVE-2024-6933 MEDIUM
LimeSurvey 6.5.14-6.6.2 - SQL Injection via Survey General Settings Language Parameter
CVSS 6.3
CVE-2024-6497 HIGH
SEO Plugin by Squirrly SEO plugin for WordPress <12.3.19 - XSS
CVSS 8.8
CVE-2024-6906 MEDIUM
Record Management System 1.0 - SQL Injection via add_leave_non_user.php LSS Parameter
CVSS 6.3
CVE-2024-6905 MEDIUM
Record Management System 1.0 - SQL Injection via view_info_user.php id Parameter
CVSS 6.3
CVE-2024-6904 MEDIUM
SourceCodester Record Management System 1.0 - SQL Injection via sort2_user.php Qualification Argument
CVSS 6.3
CVE-2024-6903 MEDIUM
SourceCodester Record Management System 1.0 - SQL Injection via sort1_user.php Position Parameter
CVSS 6.3
CVE-2024-6902 MEDIUM
SourceCodester Record Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6338 HIGH
FV Flowplayer Video Player <7.5.46.7212 - SQL Injection
CVSS 8.8
CVE-2024-6901 MEDIUM
SourceCodester Record Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6900 MEDIUM
SourceCodester Record Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6205 CRITICAL
PayPlus Payment Gateway <6.6.9 - SQL Injection
CVSS 9.8
CVE-2024-6899 MEDIUM
SourceCodester Record Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6898 HIGH
SourceCodester Record Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-0857 CRITICAL
Universal Software Inc. FlexWater <5.452.0 - SQL Injection
CVSS 9.8
CVE-2024-39911 CRITICAL
1panel 1.10.10-lts-1.10.11-lts - SQL Injection via User-Agent Handling
CVSS 10.0
CVE-2024-39907 CRITICAL
1Panel 1.10.9-lts-1.10.12-lts and 1Panel-dev 0-1.10.12-tls - SQL Injection and Arbitrary File Write
CVSS 9.8
CVE-2024-40402 MEDIUM
Sourcecodester Simple Library Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6830 MEDIUM
SourceCodester Simple Inventory Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6808 HIGH
itsourcecode Simple Task List 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6803 MEDIUM
itsourcecode Document Management System 1.0 - SQL Injection
CVSS 5.5
CVE-2024-6802 MEDIUM
Computer Laboratory Management System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
Details
Vulnerabilities 19,715
Exploit Likelihood High