CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,715 vulnerabilities with CWE-89
CVE-2024-40637 MEDIUM
dbt_core < 1.6.14 - Code Injection via Malicious Package Override
CVSS 4.2
CVE-2024-40456 CRITICAL
ThinkSAAS 3.7.0 - SQL Injection via Name Parameter
CVSS 9.8
CVE-2024-40393 CRITICAL
Online Clinic Management System <1.0 - SQL Injection
CVSS 9.8
CVE-2024-40392 CRITICAL
SourceCodester Pharmacy - SQL Injection
CVSS 9.8
CVE-2024-40322 HIGH
JFinalCMS 5.0.0 - SQL Injection via /admin/div_data/data
CVSS 8.8
CVE-2024-6457 CRITICAL
HUSKY - Products Filter Professional - SQL Injection
CVSS 9.8
CVE-2024-39887 MEDIUM
Apache Superset < 4.0.2 - SQL Injection via PostgreSQL Engine-Specific Functions
CVSS 4.3
CVE-2024-40560 HIGH
Tmall_demo <v2024.07.03 - SQL Injection
CVSS 7.3
CVE-2024-6745 HIGH
Simple Ticket Booking 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6743 CRITICAL
AguardNet's Space Management System - SQL Injection
CVSS 9.8
CVE-2024-6736 MEDIUM
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via view_employee.php id Parameter
CVSS 6.3
CVE-2024-6735 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6734 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6733 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6732 MEDIUM
Student Study Center Desk Management System 1.0 - SQL Injection via Users.php id Parameter
CVSS 6.3
CVE-2024-6731 MEDIUM
Student Study Center Desk Management System 1.0 - SQL Injection via /Master.php id Parameter
CVSS 6.3
CVE-2024-6729 MEDIUM
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via aname Parameter
CVSS 6.3
CVE-2024-6728 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-40542 CRITICAL
my-springsecurity-plus <2024.07.03 - SQL Injection
CVSS 9.8
CVE-2024-40541 CRITICAL
my-springsecurity-plus <2024.07.03 - SQL Injection
CVSS 9.8
CVE-2024-40540 CRITICAL
my-springsecurity-plus <2024.07.03 - SQL Injection
CVSS 9.8
CVE-2024-40539 CRITICAL
my-springsecurity-plus <2024.07.03 - SQL Injection
CVSS 9.8
CVE-2024-39909 MEDIUM
KubeClarity < 2.23.1 - SQL Injection via packageID Parameter
CVSS 6.5
CVE-2024-37933 CRITICAL
Woocommerce OpenPos <6.4.4 - SQL Injection
CVSS 9.3
CVE-2024-37564 HIGH
PayPlus Payment Gateway <7.0.7 - SQL Injection
CVSS 8.5
Details
Vulnerabilities 19,715
Exploit Likelihood High