CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,715 vulnerabilities with CWE-89
CVE-2024-40637
MEDIUM
dbt_core < 1.6.14 - Code Injection via Malicious Package Override
CVSS 4.2
CVE-2024-40456
CRITICAL
ThinkSAAS 3.7.0 - SQL Injection via Name Parameter
CVSS 9.8
CVE-2024-40393
CRITICAL
Online Clinic Management System <1.0 - SQL Injection
CVSS 9.8
CVE-2024-40392
CRITICAL
SourceCodester Pharmacy - SQL Injection
CVSS 9.8
CVE-2024-40322
HIGH
JFinalCMS 5.0.0 - SQL Injection via /admin/div_data/data
CVSS 8.8
CVE-2024-6457
CRITICAL
HUSKY - Products Filter Professional - SQL Injection
CVSS 9.8
CVE-2024-39887
MEDIUM
Apache Superset < 4.0.2 - SQL Injection via PostgreSQL Engine-Specific Functions
CVSS 4.3
CVE-2024-40560
HIGH
Tmall_demo <v2024.07.03 - SQL Injection
CVSS 7.3
CVE-2024-6745
HIGH
Simple Ticket Booking 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6743
CRITICAL
AguardNet's Space Management System - SQL Injection
CVSS 9.8
CVE-2024-6736
MEDIUM
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via view_employee.php id Parameter
CVSS 6.3
CVE-2024-6735
MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6734
MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6733
MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6732
MEDIUM
Student Study Center Desk Management System 1.0 - SQL Injection via Users.php id Parameter
CVSS 6.3
CVE-2024-6731
MEDIUM
Student Study Center Desk Management System 1.0 - SQL Injection via /Master.php id Parameter
CVSS 6.3
CVE-2024-6729
MEDIUM
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via aname Parameter
CVSS 6.3
CVE-2024-6728
MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-40542
CRITICAL
my-springsecurity-plus <2024.07.03 - SQL Injection
CVSS 9.8
CVE-2024-40541
CRITICAL
my-springsecurity-plus <2024.07.03 - SQL Injection
CVSS 9.8
CVE-2024-40540
CRITICAL
my-springsecurity-plus <2024.07.03 - SQL Injection
CVSS 9.8
CVE-2024-40539
CRITICAL
my-springsecurity-plus <2024.07.03 - SQL Injection
CVSS 9.8
CVE-2024-39909
MEDIUM
KubeClarity < 2.23.1 - SQL Injection via packageID Parameter
CVSS 6.5
CVE-2024-37933
CRITICAL
Woocommerce OpenPos <6.4.4 - SQL Injection
CVSS 9.3
CVE-2024-37564
HIGH
PayPlus Payment Gateway <7.0.7 - SQL Injection
CVSS 8.5
Details
Vulnerabilities
19,715
Exploit Likelihood
High