CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,716 vulnerabilities with CWE-89
CVE-2024-21514
HIGH
OpenCart - Unauthenticated SQL Injection via Divido Payment Extension
CVSS 7.4
CVE-2024-34989
CRITICAL
PrestaShop prestapdf <7.0.0 - SQL Injection
CVSS 9.8
CVE-2024-6241
MEDIUM
Pear Admin Boot <2.0.2 - SQL Injection
CVSS 6.3
CVE-2024-6027
CRITICAL
Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated Time-Based SQL Injection via Conditions Parameter
CVSS 9.8
CVE-2024-5756
CRITICAL
Email Subscribers by Icegram Express < 5.7.23 - Unauthenticated Time-Based SQL Injection via DB Parameter
CVSS 9.8
CVE-2024-6218
HIGH
itsourcecode Vehicle Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6217
MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6216
MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6215
MEDIUM
SourceCodester Food Ordering <1.0 - SQL Injection
CVSS 6.3
CVE-2024-6214
MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6213
HIGH
SourceCodester Food Ordering <1.0 - SQL Injection
CVSS 7.3
CVE-2024-6212
LOW
SourceCodester Simple Student Attendance System 1.0 - XSS
CVSS 3.5
CVE-2024-29390
HIGH
Daily Expenses Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-37699
CRITICAL
DataLife Engine <17.1 - SQL Injection
CVSS 9.8
CVE-2024-6196
HIGH
itsourcecode Banking Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6195
MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6194
MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6193
HIGH
itsourcecode Vehicle Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6192
HIGH
itsourcecode Loan Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6191
HIGH
itsourcecode Student Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6190
HIGH
itsourcecode Farm Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6113
HIGH
Monbela Tourist Inn Online Reservation System 1.0 - SQL Injection via login.php Email Parameter
CVSS 7.3
CVE-2024-5522
MEDIUM
HTML5 Video Player < 2.5.27 - Unauthenticated SQL Injection via REST Route Parameter
CVSS 6.5
CVE-2024-5605
HIGH
Media Library Assistant <3.16 - SQL Injection
CVSS 8.8
CVE-2024-4742
MEDIUM
Youzify < 1.2.5 - Authenticated SQL Injection via order_by Shortcode Attribute
CVSS 6.5
Details
Vulnerabilities
19,716
Exploit Likelihood
High