CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,716 vulnerabilities with CWE-89
CVE-2024-1153 MEDIUM
Talya Informatics Travel APPS <v17.0.68 - SQL Injection
CVSS 4.6
CVE-2024-6372 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6371 HIGH
Pool of Bethesda Online Reservation System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-1839 CRITICAL
Intrado 911 Emergency Gateway Firmware - Unauthenticated Blind Time-Based SQL Injection via Login Form
CVSS 10.0
CVE-2024-4228 CRITICAL
Magarsus Consultancy SSO <1.1 - SQL Injection
CVSS 9.8
CVE-2024-37252 CRITICAL
Icegram Email Subscribers & Newsletters <5.7.25 - SQL Injection
CVSS 9.3
CVE-2024-29174 MEDIUM
Dell Data Domain < 7.7.5.40 - SQL Injection
CVSS 4.4
CVE-2024-37843 CRITICAL
Craft CMS < 3.7.31 - Unauthenticated SQL Injection via GraphQL API
CVSS 9.8
CVE-2024-5276 CRITICAL
Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
CVSS 9.8
CVE-2024-6308 HIGH
Simple Online Hotel Reservation System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2024-6028 CRITICAL
Quiz Maker < 6.5.8.3 - Unauthenticated Time-Based SQL Injection via ays_questions Parameter
CVSS 9.8
CVE-2024-36683 HIGH
Smart Modules for PrestaShop <1.7.4 - SQL Injection
CVSS 7.3
CVE-2024-36681 CRITICAL
PrestaShop Isotope Module <=1.7.3 - SQL Injection via saveData and removeData Methods
CVSS 9.8
CVE-2024-34992 HIGH
Help Desk - Customer Support Management System <2.4.0 - SQL Injection
CVSS 8.8
CVE-2024-34988 CRITICAL
PrestaShop <=1.0.51 - SQL Injection
CVSS 9.8
CVE-2024-6160 CRITICAL
MegaBIP <= 5.12.1 - SQL Injection
CVE-2024-6279 MEDIUM
lahirudanushka School Management System 1.0.0/1.0.1 - SQL Injection
CVSS 6.3
CVE-2024-6278 MEDIUM
Lahirudanushka School Management System 1.0.0/1.0.1 - SQL Injection
CVSS 4.7
CVE-2024-6277 MEDIUM
Lahirudanushka School Management System 1.0.0/1.0.1 - SQL Injection
CVSS 4.7
CVE-2024-6276 MEDIUM
Lahirudanushka School Management System 1.0.0/1.0.1 - SQL Injection
CVSS 4.7
CVE-2024-6275 MEDIUM
Lahirudanushka School Management System 1.0.0/1.0.1 - SQL Injection
CVSS 4.7
CVE-2024-6274 MEDIUM
lahirudanushka School Management System 1.0.0/1.0.1 - SQL Injection
CVSS 4.7
CVE-2024-6268 HIGH
Lahirudanushka School Management System <1.0.2 - SQL Injection
CVSS 7.3
CVE-2024-6266 MEDIUM
Pear Admin Boot <2.0.2 - SQL Injection
CVSS 6.3
CVE-2024-6253 HIGH
itsourcecode Online Food Ordering System 1.0 - SQL Injection
CVSS 7.3
Details
Vulnerabilities 19,716
Exploit Likelihood High