CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,715 vulnerabilities with CWE-89
CVE-2024-5325
HIGH
Form Vibes WordPress <1.4.10 - SQL Injection
CVSS 8.8
CVE-2024-6353
HIGH
Wallet for WooCommerce <1.5.4 - SQL Injection
CVSS 8.8
CVE-2024-6681
MEDIUM
witmy my-springsecurity-plus <2024-07-04 - SQL Injection
CVSS 6.3
CVE-2024-6680
MEDIUM
my-springsecurity-plus <2024-07-04 - SQL Injection
CVSS 6.3
CVE-2024-6679
MEDIUM
my-springsecurity-plus <2024-07-04 - SQL Injection
CVSS 6.3
CVE-2024-6666
HIGH
WP ERP <= 1.13.0 - Authenticated SQL Injection via vendor_id and status Parameters
CVSS 8.8
CVE-2024-22280
HIGH
VMware Aria Automation - SQL Injection
CVSS 8.5
CVE-2024-6676
MEDIUM
witmy my-springsecurity-plus - SQL Injection
CVSS 6.3
CVE-2024-6653
HIGH
Simple Task List 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6652
MEDIUM
itsourcecode Gym Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-37148
HIGH
GLPI 0.84-10.0.15 - Authenticated SQL Injection via AJAX Scripts
CVSS 8.1
CVE-2024-5792
HIGH
Houzez CRM < 1.4.2 - Authenticated Time-Based SQL Injection via Notes 'belong_to' Parameter
CVSS 8.8
CVE-2024-39072
MEDIUM
AMTT HiBOS 3.0.3.151204 - SQL Injection via manager/conference/calendar_remind.php
CVSS 5.5
CVE-2024-37873
CRITICAL
Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-37872
HIGH
Itsourcecode Billing System in PHP 1.0 - SQL Injection via Username Parameter
CVSS 8.1
CVE-2024-37871
HIGH
Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 - SQL Injection via Email Parameter
CVSS 8.2
CVE-2024-37870
CRITICAL
Learning Management System Project In PHP With Source Code 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-6527
CRITICAL
MegaBIP <= 5.13 - SQL Injection via druk.php w Parameter
CVE-2024-37090
HIGH
StylemixThemes Masterstudy and Consulting Elementor Widgets <= 1.2.2/1.3.0 - SQL Injection
CVSS 8.5
CVE-2024-3604
CRITICAL
OSM - OpenStreetMap <= 6.0.3 - Authenticated SQL Injection via osm_map_v3 Shortcode
CVSS 9.9
CVE-2024-37494
HIGH
KaineLabs Youzify <= 1.2.5 - SQL Injection
CVSS 8.5
CVE-2024-37486
HIGH
Paid Memberships Pro < 3.0.5 - Authenticated SQL Injection
CVSS 7.6
CVE-2024-37256
HIGH
Tutor LMS < 2.7.1 - SQL Injection
CVSS 7.6
CVE-2024-37225
HIGH
Zoho Marketing Automation < 1.2.7 - SQL Injection
CVSS 8.5
CVE-2024-37112
CRITICAL
WishList Member X < 3.26.7 - Unauthenticated SQL Injection
CVSS 10.0
Details
Vulnerabilities
19,715
Exploit Likelihood
High