CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,715 vulnerabilities with CWE-89
CVE-2024-6956
MEDIUM
University Management System 1.0 - SQL Injection via VR/VN Parameter in /view_cgpa.php
CVSS 6.3
CVE-2024-6953
MEDIUM
Tailoring Management System 1.0 - SQL Injection via customer Parameter in sms.php
CVSS 6.3
CVE-2024-6952
MEDIUM
University Management System 1.0 - SQL Injection via seme Parameter
CVSS 6.3
CVE-2024-6951
MEDIUM
Simple Online Book Store System 1.0 - SQL Injection via admin_delete.php bookisbn Parameter
CVSS 6.3
CVE-2024-6933
MEDIUM
LimeSurvey 6.5.14-6.6.2 - SQL Injection via Survey General Settings Language Parameter
CVSS 6.3
CVE-2024-6497
HIGH
SEO Plugin by Squirrly SEO plugin for WordPress <12.3.19 - XSS
CVSS 8.8
CVE-2024-6906
MEDIUM
Record Management System 1.0 - SQL Injection via add_leave_non_user.php LSS Parameter
CVSS 6.3
CVE-2024-6905
MEDIUM
Record Management System 1.0 - SQL Injection via view_info_user.php id Parameter
CVSS 6.3
CVE-2024-6904
MEDIUM
SourceCodester Record Management System 1.0 - SQL Injection via sort2_user.php Qualification Argument
CVSS 6.3
CVE-2024-6903
MEDIUM
SourceCodester Record Management System 1.0 - SQL Injection via sort1_user.php Position Parameter
CVSS 6.3
CVE-2024-6902
MEDIUM
SourceCodester Record Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6338
HIGH
FV Flowplayer Video Player <7.5.46.7212 - SQL Injection
CVSS 8.8
CVE-2024-6901
MEDIUM
SourceCodester Record Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6900
MEDIUM
SourceCodester Record Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6205
CRITICAL
PayPlus Payment Gateway <6.6.9 - SQL Injection
CVSS 9.8
CVE-2024-6899
MEDIUM
SourceCodester Record Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6898
HIGH
SourceCodester Record Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-0857
CRITICAL
Universal Software Inc. FlexWater <5.452.0 - SQL Injection
CVSS 9.8
CVE-2024-39911
CRITICAL
1panel 1.10.10-lts-1.10.11-lts - SQL Injection via User-Agent Handling
CVSS 10.0
CVE-2024-39907
CRITICAL
1Panel 1.10.9-lts-1.10.12-lts and 1Panel-dev 0-1.10.12-tls - SQL Injection and Arbitrary File Write
CVSS 9.8
CVE-2024-40402
MEDIUM
Sourcecodester Simple Library Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6830
MEDIUM
SourceCodester Simple Inventory Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6808
HIGH
itsourcecode Simple Task List 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6803
MEDIUM
itsourcecode Document Management System 1.0 - SQL Injection
CVSS 5.5
CVE-2024-6802
MEDIUM
Computer Laboratory Management System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
Details
Vulnerabilities
19,715
Exploit Likelihood
High