CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,716 vulnerabilities with CWE-89
CVE-2024-6016 MEDIUM
itsourcecode Online Laundry Management System 1.0 - SQL Injection via admin_class.php id Parameter
CVSS 6.3
CVE-2024-6015 MEDIUM
Online House Rental System 1.0 - SQL Injection via manage_user.php month_of Parameter
CVSS 6.3
CVE-2024-6014 MEDIUM
itsourcecode Document Management System 1.0 - SQL Injection via edithis.php id Parameter
CVSS 6.3
CVE-2024-6013 MEDIUM
itsourcecode Online Book Store 1.0 - SQL Injection via admin_delete.php bookisbn Parameter
CVSS 6.3
CVE-2024-6009 MEDIUM
Learning Management System Project in PHP - SQL Injection via userId Parameter in process.php
CVSS 6.3
CVE-2024-6008 MEDIUM
isourcecode Online Book Store up to 1.0 - SQL Injection via /edit_book.php Image Parameter
CVSS 6.3
CVE-2024-6007 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via messagecontent Parameter
CVSS 6.3
CVE-2024-6003 HIGH
Guangdong Baolun Electronics IP Network Broadcasting Service Platfo...
CVSS 7.3
CVE-2024-37831 CRITICAL
Itsourcecode Payroll Management System 1.0 - SQL Injection via ID Parameter
CVSS 9.8
CVE-2024-36597 HIGH
Aegon Life v1.0 - SQL Injection via client_id Parameter
CVSS 8.8
CVE-2024-5985 MEDIUM
Best Online News Portal 1.0 - SQL Injection via Username Parameter in Admin Index
CVSS 6.3
CVE-2024-5984 HIGH
itsourcecode Online Bookstore 1.0 - SQL Injection via bookisbn Parameter
CVSS 7.3
CVE-2024-5983 HIGH
itsourcecode Online Bookstore 1.0 - SQL Injection via bookPerPub.php pubid Parameter
CVSS 7.3
CVE-2024-5981 MEDIUM
Online House Rental System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2024-5976 HIGH
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via employee_code Parameter
CVSS 7.3
CVE-2024-29169 MEDIUM
Dell Secure Connect Gateway < 5.22.00.00 - Authenticated SQL Injection via Internal Audit REST API
CVSS 5.4
CVE-2024-29168 MEDIUM
Dell Secure Connect Gateway 5.18.00.20-5.22.00.17 - Authenticated SQL Injection in Internal Assets REST API
CVSS 5.4
CVE-2024-37849 CRITICAL
itsourcecode Billing System 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2024-4145 HIGH
Search & Replace WordPress plugin < 3.2.2 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-3552 CRITICAL
Web Directory Free WP <1.7.0 - SQL Injection
CVSS 9.8
CVE-2024-3922 CRITICAL
Dokan Pro < 3.10.3 - Unauthenticated SQL Injection via Code Parameter
CVSS 10.0
CVE-2024-5898 MEDIUM
Payroll Management System 1.0 - SQL Injection via print_payroll.php id Parameter
CVSS 6.3
CVE-2024-5896 HIGH
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via Users.php id Parameter
CVSS 7.3
CVE-2024-5895 MEDIUM
Employee and Visitor Gate Pass Logging System 1.0 - SQL Injection via Users.php Delete Function
CVSS 6.3
CVE-2024-5894 HIGH
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via manage_product.php id Parameter
CVSS 7.3
Details
Vulnerabilities 19,716
Exploit Likelihood High