CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,716 vulnerabilities with CWE-89
CVE-2024-21514 HIGH
OpenCart - Unauthenticated SQL Injection via Divido Payment Extension
CVSS 7.4
CVE-2024-34989 CRITICAL
PrestaShop prestapdf <7.0.0 - SQL Injection
CVSS 9.8
CVE-2024-6241 MEDIUM
Pear Admin Boot <2.0.2 - SQL Injection
CVSS 6.3
CVE-2024-6027 CRITICAL
Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated Time-Based SQL Injection via Conditions Parameter
CVSS 9.8
CVE-2024-5756 CRITICAL
Email Subscribers by Icegram Express < 5.7.23 - Unauthenticated Time-Based SQL Injection via DB Parameter
CVSS 9.8
CVE-2024-6218 HIGH
itsourcecode Vehicle Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6217 MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6216 MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6215 MEDIUM
SourceCodester Food Ordering <1.0 - SQL Injection
CVSS 6.3
CVE-2024-6214 MEDIUM
SourceCodester Food Ordering Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6213 HIGH
SourceCodester Food Ordering <1.0 - SQL Injection
CVSS 7.3
CVE-2024-6212 LOW
SourceCodester Simple Student Attendance System 1.0 - XSS
CVSS 3.5
CVE-2024-29390 HIGH
Daily Expenses Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-37699 CRITICAL
DataLife Engine <17.1 - SQL Injection
CVSS 9.8
CVE-2024-6196 HIGH
itsourcecode Banking Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6195 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6194 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-6193 HIGH
itsourcecode Vehicle Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6192 HIGH
itsourcecode Loan Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6191 HIGH
itsourcecode Student Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6190 HIGH
itsourcecode Farm Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-6113 HIGH
Monbela Tourist Inn Online Reservation System 1.0 - SQL Injection via login.php Email Parameter
CVSS 7.3
CVE-2024-5522 MEDIUM
HTML5 Video Player < 2.5.27 - Unauthenticated SQL Injection via REST Route Parameter
CVSS 6.5
CVE-2024-5605 HIGH
Media Library Assistant <3.16 - SQL Injection
CVSS 8.8
CVE-2024-4742 MEDIUM
Youzify < 1.2.5 - Authenticated SQL Injection via order_by Shortcode Attribute
CVSS 6.5
Details
Vulnerabilities 19,716
Exploit Likelihood High