CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,716 vulnerabilities with CWE-89
CVE-2024-1153
MEDIUM
Talya Informatics Travel APPS <v17.0.68 - SQL Injection
CVSS 4.6
CVE-2024-6372
MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6371
HIGH
Pool of Bethesda Online Reservation System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-1839
CRITICAL
Intrado 911 Emergency Gateway Firmware - Unauthenticated Blind Time-Based SQL Injection via Login Form
CVSS 10.0
CVE-2024-4228
CRITICAL
Magarsus Consultancy SSO <1.1 - SQL Injection
CVSS 9.8
CVE-2024-37252
CRITICAL
Icegram Email Subscribers & Newsletters <5.7.25 - SQL Injection
CVSS 9.3
CVE-2024-29174
MEDIUM
Dell Data Domain < 7.7.5.40 - SQL Injection
CVSS 4.4
CVE-2024-37843
CRITICAL
Craft CMS < 3.7.31 - Unauthenticated SQL Injection via GraphQL API
CVSS 9.8
CVE-2024-5276
CRITICAL
Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
CVSS 9.8
CVE-2024-6308
HIGH
Simple Online Hotel Reservation System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2024-6028
CRITICAL
Quiz Maker < 6.5.8.3 - Unauthenticated Time-Based SQL Injection via ays_questions Parameter
CVSS 9.8
CVE-2024-36683
HIGH
Smart Modules for PrestaShop <1.7.4 - SQL Injection
CVSS 7.3
CVE-2024-36681
CRITICAL
PrestaShop Isotope Module <=1.7.3 - SQL Injection via saveData and removeData Methods
CVSS 9.8
CVE-2024-34992
HIGH
Help Desk - Customer Support Management System <2.4.0 - SQL Injection
CVSS 8.8
CVE-2024-34988
CRITICAL
PrestaShop <=1.0.51 - SQL Injection
CVSS 9.8
CVE-2024-6160
CRITICAL
MegaBIP <= 5.12.1 - SQL Injection
CVE-2024-6279
MEDIUM
lahirudanushka School Management System 1.0.0/1.0.1 - SQL Injection
CVSS 6.3
CVE-2024-6278
MEDIUM
Lahirudanushka School Management System 1.0.0/1.0.1 - SQL Injection
CVSS 4.7
CVE-2024-6277
MEDIUM
Lahirudanushka School Management System 1.0.0/1.0.1 - SQL Injection
CVSS 4.7
CVE-2024-6276
MEDIUM
Lahirudanushka School Management System 1.0.0/1.0.1 - SQL Injection
CVSS 4.7
CVE-2024-6275
MEDIUM
Lahirudanushka School Management System 1.0.0/1.0.1 - SQL Injection
CVSS 4.7
CVE-2024-6274
MEDIUM
lahirudanushka School Management System 1.0.0/1.0.1 - SQL Injection
CVSS 4.7
CVE-2024-6268
HIGH
Lahirudanushka School Management System <1.0.2 - SQL Injection
CVSS 7.3
CVE-2024-6266
MEDIUM
Pear Admin Boot <2.0.2 - SQL Injection
CVSS 6.3
CVE-2024-6253
HIGH
itsourcecode Online Food Ordering System 1.0 - SQL Injection
CVSS 7.3
Details
Vulnerabilities
19,716
Exploit Likelihood
High