CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,715 vulnerabilities with CWE-89
CVE-2024-5325 HIGH
Form Vibes WordPress <1.4.10 - SQL Injection
CVSS 8.8
CVE-2024-6353 HIGH
Wallet for WooCommerce <1.5.4 - SQL Injection
CVSS 8.8
CVE-2024-6681 MEDIUM
witmy my-springsecurity-plus <2024-07-04 - SQL Injection
CVSS 6.3
CVE-2024-6680 MEDIUM
my-springsecurity-plus <2024-07-04 - SQL Injection
CVSS 6.3
CVE-2024-6679 MEDIUM
my-springsecurity-plus <2024-07-04 - SQL Injection
CVSS 6.3
CVE-2024-6666 HIGH
WP ERP <= 1.13.0 - Authenticated SQL Injection via vendor_id and status Parameters
CVSS 8.8
CVE-2024-22280 HIGH
VMware Aria Automation - SQL Injection
CVSS 8.5
CVE-2024-6676 MEDIUM
witmy my-springsecurity-plus - SQL Injection
CVSS 6.3
CVE-2024-6653 HIGH
Simple Task List 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6652 MEDIUM
itsourcecode Gym Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-37148 HIGH
GLPI 0.84-10.0.15 - Authenticated SQL Injection via AJAX Scripts
CVSS 8.1
CVE-2024-5792 HIGH
Houzez CRM < 1.4.2 - Authenticated Time-Based SQL Injection via Notes 'belong_to' Parameter
CVSS 8.8
CVE-2024-39072 MEDIUM
AMTT HiBOS 3.0.3.151204 - SQL Injection via manager/conference/calendar_remind.php
CVSS 5.5
CVE-2024-37873 CRITICAL
Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-37872 HIGH
Itsourcecode Billing System in PHP 1.0 - SQL Injection via Username Parameter
CVSS 8.1
CVE-2024-37871 HIGH
Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 - SQL Injection via Email Parameter
CVSS 8.2
CVE-2024-37870 CRITICAL
Learning Management System Project In PHP With Source Code 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-6527 CRITICAL
MegaBIP <= 5.13 - SQL Injection via druk.php w Parameter
CVE-2024-37090 HIGH
StylemixThemes Masterstudy and Consulting Elementor Widgets <= 1.2.2/1.3.0 - SQL Injection
CVSS 8.5
CVE-2024-3604 CRITICAL
OSM - OpenStreetMap <= 6.0.3 - Authenticated SQL Injection via osm_map_v3 Shortcode
CVSS 9.9
CVE-2024-37494 HIGH
KaineLabs Youzify <= 1.2.5 - SQL Injection
CVSS 8.5
CVE-2024-37486 HIGH
Paid Memberships Pro < 3.0.5 - Authenticated SQL Injection
CVSS 7.6
CVE-2024-37256 HIGH
Tutor LMS < 2.7.1 - SQL Injection
CVSS 7.6
CVE-2024-37225 HIGH
Zoho Marketing Automation < 1.2.7 - SQL Injection
CVSS 8.5
CVE-2024-37112 CRITICAL
WishList Member X < 3.26.7 - Unauthenticated SQL Injection
CVSS 10.0
Details
Vulnerabilities 19,715
Exploit Likelihood High