CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,716 vulnerabilities with CWE-89
CVE-2024-3605 CRITICAL
WP Hotel Booking < 2.1.0 - Unauthenticated SQL Injection via Room Type Parameter
CVSS 10.0
CVE-2024-3561 HIGH
Custom Field Suite <2.6.7 - SQL Injection
CVSS 8.8
CVE-2024-36684 CRITICAL
pk_customlinks <= 2.3 - Unauthenticated SQL Injection via ajax.php
CVSS 9.8
CVE-2024-36680 HIGH
PrestaShop pkfacebook <=1.0.1 - SQL Injection
CVSS 7.5
CVE-2024-36678 CRITICAL
pk_themesettings <= 1.8.8 - Unauthenticated SQL Injection via ajax.php
CVSS 9.8
CVE-2024-34994 CRITICAL
Channable module for PrestaShop <= 3.2.1 - Unauthenticated SQL Injection via postProcess()
CVSS 9.8
CVE-2024-34993 MEDIUM
Buy Addons for PrestaShop <1.0.26 - SQL Injection
CVSS 6.3
CVE-2024-37791 MEDIUM
DuxCMS3 v3.1.3 - SQL Injection via Keyword Parameter
CVSS 6.0
CVE-2024-38348 HIGH
CodeProjects Health Care <v1.0 - SQL Injection
CVSS 8.8
CVE-2024-38347 HIGH
CodeProjects Health Care <v1.0 - SQL Injection
CVSS 8.8
CVE-2024-37802 HIGH
Health Care Hospital Management System 1.0 - SQL Injection via Patient Info searvalu Parameter
CVSS 8.8
CVE-2024-37799 MEDIUM
CodeProjects Restaurant Reservation System 1.0 - SQL Injection via reserv_id Parameter
CVSS 5.4
CVE-2024-6112 HIGH
Pool of Bethesda Online Reservation System 1.0 - SQL Injection via log_email Parameter
CVSS 7.3
CVE-2024-6111 HIGH
Pool of Bethesda Online Reservation System 1.0 - SQL Injection via Email Parameter in login.php
CVSS 7.3
CVE-2024-6109 MEDIUM
Tailoring Management System 1.0 - SQL Injection via addmeasurement.php id Parameter
CVSS 6.3
CVE-2024-6067 MEDIUM
SourceCodester Music Class Enrollment System 1.0 - SQL Injection via /mces/?p=class/view_class id Parameter
CVSS 6.3
CVE-2024-6066 MEDIUM
Best House Rental Management System 1.0 - SQL Injection via payment_report.php month_of Parameter
CVSS 6.3
CVE-2024-6065 HIGH
Bakery Online Ordering System 1.0 - SQL Injection via user_email Parameter
CVSS 7.3
CVE-2024-37896 HIGH
Gin-vue-admin <= v2.6.5 - SQL Injection
CVSS 8.8
CVE-2024-37840 HIGH
Itsourcecode Learning Management System Project In PHP With Source Code v1.0 - SQL Injection via LessonID Parameter
CVSS 8.8
CVE-2024-37848 HIGH
Online-Bookstore-Project-In-PHP 1.0 - SQL Injection via admin_delete.php
CVSS 8.4
CVE-2024-6043 HIGH
Best House Rental Management System 1.0 - SQL Injection via admin_class.php Login Function
CVSS 7.3
CVE-2024-6042 HIGH
Real Estate Management System 1.0 - SQL Injection via property-detail.php id Parameter
CVSS 7.3
CVE-2024-6041 MEDIUM
Gym Management System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2024-6039 MEDIUM
Feng Office 3.11.1.2 - SQL Injection via Workspaces Component
CVSS 6.3
Details
Vulnerabilities 19,716
Exploit Likelihood High