CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,716 vulnerabilities with CWE-89
CVE-2024-3605
CRITICAL
WP Hotel Booking < 2.1.0 - Unauthenticated SQL Injection via Room Type Parameter
CVSS 10.0
CVE-2024-3561
HIGH
Custom Field Suite <2.6.7 - SQL Injection
CVSS 8.8
CVE-2024-36684
CRITICAL
pk_customlinks <= 2.3 - Unauthenticated SQL Injection via ajax.php
CVSS 9.8
CVE-2024-36680
HIGH
PrestaShop pkfacebook <=1.0.1 - SQL Injection
CVSS 7.5
CVE-2024-36678
CRITICAL
pk_themesettings <= 1.8.8 - Unauthenticated SQL Injection via ajax.php
CVSS 9.8
CVE-2024-34994
CRITICAL
Channable module for PrestaShop <= 3.2.1 - Unauthenticated SQL Injection via postProcess()
CVSS 9.8
CVE-2024-34993
MEDIUM
Buy Addons for PrestaShop <1.0.26 - SQL Injection
CVSS 6.3
CVE-2024-37791
MEDIUM
DuxCMS3 v3.1.3 - SQL Injection via Keyword Parameter
CVSS 6.0
CVE-2024-38348
HIGH
CodeProjects Health Care <v1.0 - SQL Injection
CVSS 8.8
CVE-2024-38347
HIGH
CodeProjects Health Care <v1.0 - SQL Injection
CVSS 8.8
CVE-2024-37802
HIGH
Health Care Hospital Management System 1.0 - SQL Injection via Patient Info searvalu Parameter
CVSS 8.8
CVE-2024-37799
MEDIUM
CodeProjects Restaurant Reservation System 1.0 - SQL Injection via reserv_id Parameter
CVSS 5.4
CVE-2024-6112
HIGH
Pool of Bethesda Online Reservation System 1.0 - SQL Injection via log_email Parameter
CVSS 7.3
CVE-2024-6111
HIGH
Pool of Bethesda Online Reservation System 1.0 - SQL Injection via Email Parameter in login.php
CVSS 7.3
CVE-2024-6109
MEDIUM
Tailoring Management System 1.0 - SQL Injection via addmeasurement.php id Parameter
CVSS 6.3
CVE-2024-6067
MEDIUM
SourceCodester Music Class Enrollment System 1.0 - SQL Injection via /mces/?p=class/view_class id Parameter
CVSS 6.3
CVE-2024-6066
MEDIUM
Best House Rental Management System 1.0 - SQL Injection via payment_report.php month_of Parameter
CVSS 6.3
CVE-2024-6065
HIGH
Bakery Online Ordering System 1.0 - SQL Injection via user_email Parameter
CVSS 7.3
CVE-2024-37896
HIGH
Gin-vue-admin <= v2.6.5 - SQL Injection
CVSS 8.8
CVE-2024-37840
HIGH
Itsourcecode Learning Management System Project In PHP With Source Code v1.0 - SQL Injection via LessonID Parameter
CVSS 8.8
CVE-2024-37848
HIGH
Online-Bookstore-Project-In-PHP 1.0 - SQL Injection via admin_delete.php
CVSS 8.4
CVE-2024-6043
HIGH
Best House Rental Management System 1.0 - SQL Injection via admin_class.php Login Function
CVSS 7.3
CVE-2024-6042
HIGH
Real Estate Management System 1.0 - SQL Injection via property-detail.php id Parameter
CVSS 7.3
CVE-2024-6041
MEDIUM
Gym Management System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2024-6039
MEDIUM
Feng Office 3.11.1.2 - SQL Injection via Workspaces Component
CVSS 6.3
Details
Vulnerabilities
19,716
Exploit Likelihood
High