CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,716 vulnerabilities with CWE-89
CVE-2024-6016
MEDIUM
itsourcecode Online Laundry Management System 1.0 - SQL Injection via admin_class.php id Parameter
CVSS 6.3
CVE-2024-6015
MEDIUM
Online House Rental System 1.0 - SQL Injection via manage_user.php month_of Parameter
CVSS 6.3
CVE-2024-6014
MEDIUM
itsourcecode Document Management System 1.0 - SQL Injection via edithis.php id Parameter
CVSS 6.3
CVE-2024-6013
MEDIUM
itsourcecode Online Book Store 1.0 - SQL Injection via admin_delete.php bookisbn Parameter
CVSS 6.3
CVE-2024-6009
MEDIUM
Learning Management System Project in PHP - SQL Injection via userId Parameter in process.php
CVSS 6.3
CVE-2024-6008
MEDIUM
isourcecode Online Book Store up to 1.0 - SQL Injection via /edit_book.php Image Parameter
CVSS 6.3
CVE-2024-6007
MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via messagecontent Parameter
CVSS 6.3
CVE-2024-6003
HIGH
Guangdong Baolun Electronics IP Network Broadcasting Service Platfo...
CVSS 7.3
CVE-2024-37831
CRITICAL
Itsourcecode Payroll Management System 1.0 - SQL Injection via ID Parameter
CVSS 9.8
CVE-2024-36597
HIGH
Aegon Life v1.0 - SQL Injection via client_id Parameter
CVSS 8.8
CVE-2024-5985
MEDIUM
Best Online News Portal 1.0 - SQL Injection via Username Parameter in Admin Index
CVSS 6.3
CVE-2024-5984
HIGH
itsourcecode Online Bookstore 1.0 - SQL Injection via bookisbn Parameter
CVSS 7.3
CVE-2024-5983
HIGH
itsourcecode Online Bookstore 1.0 - SQL Injection via bookPerPub.php pubid Parameter
CVSS 7.3
CVE-2024-5981
MEDIUM
Online House Rental System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2024-5976
HIGH
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via employee_code Parameter
CVSS 7.3
CVE-2024-29169
MEDIUM
Dell Secure Connect Gateway < 5.22.00.00 - Authenticated SQL Injection via Internal Audit REST API
CVSS 5.4
CVE-2024-29168
MEDIUM
Dell Secure Connect Gateway 5.18.00.20-5.22.00.17 - Authenticated SQL Injection in Internal Assets REST API
CVSS 5.4
CVE-2024-37849
CRITICAL
itsourcecode Billing System 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2024-4145
HIGH
Search & Replace WordPress plugin < 3.2.2 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-3552
CRITICAL
Web Directory Free WP <1.7.0 - SQL Injection
CVSS 9.8
CVE-2024-3922
CRITICAL
Dokan Pro < 3.10.3 - Unauthenticated SQL Injection via Code Parameter
CVSS 10.0
CVE-2024-5898
MEDIUM
Payroll Management System 1.0 - SQL Injection via print_payroll.php id Parameter
CVSS 6.3
CVE-2024-5896
HIGH
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via Users.php id Parameter
CVSS 7.3
CVE-2024-5895
MEDIUM
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via Users.php Delete Function
CVSS 6.3
CVE-2024-5894
HIGH
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via manage_product.php id Parameter
CVSS 7.3
Details
Vulnerabilities
19,716
Exploit Likelihood
High