CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,716 vulnerabilities with CWE-89
CVE-2024-37112
CRITICAL
WishList Member X < 3.26.7 - Unauthenticated SQL Injection
CVSS 10.0
CVE-2024-6166
HIGH
Unlimited Elements For Elementor <1.5.112 - SQL Injection
CVSS 8.8
CVE-2024-5793
HIGH
Houzez Theme - Functionality <3.2.2 - SQL Injection
CVSS 8.8
CVE-2024-39677
MEDIUM
NHibernate < 5.4.9 - SQL Injection via ILiteralType.ObjectToSQLString
CVSS 5.9
CVE-2024-40614
CRITICAL
EGroupware <23.1.20240624 - SQL Injection
CVSS 9.8
CVE-2024-5753
HIGH
vanna-ai/vanna 0.3.4 - Unauthenticated SQL Injection via pg_read_file()
CVSS 7.5
CVE-2024-27709
CRITICAL
Eskooly Web Product <3.0 - SQL Injection
CVSS 9.8
CVE-2024-39027
HIGH
SeaCMS v12.9 - Unauthenticated SQL Injection via cid Parameter
CVSS 7.5
CVE-2024-6471
MEDIUM
SourceCodester Online Tours & Travels Management 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6453
MEDIUM
itsourcecode Farm Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6452
MEDIUM
linlinjava litemall <1.8.0 - SQL Injection
CVSS 6.3
CVE-2024-6440
MEDIUM
Home Owners Collection Management System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2024-6438
MEDIUM
Hitout Carsale 1.0 - SQL Injection via OrderController.java orderBy Parameter
CVSS 6.3
CVE-2024-6172
CRITICAL
Email Subscribers by Icegram Express - Time-Based SQL Injection
CVSS 9.8
CVE-2024-5606
HIGH
Quiz and Survey Master < 9.0.2 - Authenticated SQL Injection via question_id Parameter
CVSS 8.8
CVE-2024-39309
CRITICAL
Parse Server < 6.5.7 and 7.0.0-7.1.0 - SQL Injection via PostgreSQL Configuration
CVSS 9.8
CVE-2024-37765
HIGH
Machform < 19 - Authenticated Blind SQL Injection in User Account Settings Page
CVSS 8.8
CVE-2024-6419
MEDIUM
SourceCodester Medicine Tracker System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6418
HIGH
SourceCodester Medicine Tracker System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6417
MEDIUM
SourceCodester Simple Online Bidding System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6416
MEDIUM
SeaCMS 12.9 - SQL Injection via dmku Edit Endpoint cid Parameter
CVSS 6.3
CVE-2024-2386
HIGH
WP Maps - Display Google Maps Perfectly with Ease <= 4.6.1 - Authenticated SQL Injection via 'id' Parameter
CVSS 8.8
CVE-2024-6265
CRITICAL
UsersWP < 1.2.10 - Unauthenticated Time-Based SQL Injection via uwp_sort_by Parameter
CVSS 9.8
CVE-2024-5827
CRITICAL
vanna-ai/vanna < latest - SQL Injection via DuckDB Integration
CVSS 9.8
CVE-2024-3816
CRITICAL
conceptintermedia s@m_cms < 3.3 - SQL Injection via Search Bar
CVSS 9.8
Details
Vulnerabilities
19,716
Exploit Likelihood
High