CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,716 vulnerabilities with CWE-89
CVE-2024-5893
MEDIUM
SourceCodester Cab Management System 1.0 - SQL Injection via Users.php id Parameter
CVSS 6.3
CVE-2024-36840
CRITICAL
Boelter Blue System Management <1.3 - SQL Injection
CVSS 9.1
CVE-2024-36263
HIGH
Apache Submarine Server Core - SQL Injection
CVSS 8.1
CVE-2024-1576
CRITICAL
megabip < 5.09 - SQL Injection
CVSS 9.8
CVE-2024-4845
HIGH
Icegram Express < 5.7.23 - Authenticated SQL Injection via options[list_id] Parameter
CVSS 8.8
CVE-2024-5543
HIGH
Slideshow Gallery LITE <1.8.1 - SQL Injection
CVSS 8.1
CVE-2024-31495
MEDIUM
FortiPortal 7.0.0-7.0.6 and 7.2.0 - Authenticated SQL Injection via Report Download Functionality
CVSS 4.3
CVE-2024-3549
CRITICAL
Blog2Social < 7.4.1 - Authenticated SQL Injection via b2sSortPostType Parameter
CVSS 9.9
CVE-2024-22261
LOW
Harbor 2.8.1-2.8.5 - SQL Injection via Task ID Leakage
CVSS 2.7
CVE-2024-37393
HIGH
SecurEnvoy MFA < 9.4.514 - Unauthenticated LDAP Injection via DESKTOP Service
CVSS 7.5
CVE-2024-36412
CRITICAL
SuiteCRM <7.14.4-8.6.1 - SQL Injection
CVSS 10.0
CVE-2024-36411
CRITICAL
SuiteCRM <7.14.4,8.6.1 - SQL Injection
CVSS 9.6
CVE-2024-36410
CRITICAL
SuiteCRM <7.14.4-8.6.1 - SQL Injection
CVSS 9.6
CVE-2024-36409
CRITICAL
SuiteCRM <7.14.4, <8.6.1 - SQL Injection
CVSS 9.6
CVE-2024-36408
CRITICAL
SuiteCRM <7.14.4-8.6.1 - SQL Injection
CVSS 9.6
CVE-2024-35305
CRITICAL
Pandora FMS 700-776 - Unauthenticated Time-Based SQL Injection via API Authorization Header
CVSS 9.8
CVE-2024-5775
MEDIUM
SourceCodester Vehicle Management System 1.0 - SQL Injection via updatebill.php id Parameter
CVSS 6.3
CVE-2024-5774
HIGH
Stock Management System 1.0 - SQL Injection via Login Index.php Username/Password Parameter
CVSS 7.3
CVE-2024-5773
MEDIUM
Netentsec NS-ASG 6.3 SQLi via /protocol/firewall/deletemacbind.php messagecontent
CVSS 6.3
CVE-2024-5772
MEDIUM
Netentsec NS-ASG 6.3 SQLi via /protocol/iscuser/deleteiscuser.php messagecontent
CVSS 6.3
CVE-2024-5771
MEDIUM
LabVantage LIMS 2017 - SQL Injection
CVSS 6.3
CVE-2024-35678
HIGH
BestWebSoft Contact Form to DB <= 1.7.2 - SQL Injection
CVSS 8.5
CVE-2024-35750
HIGH
wpdevart Gallery < 2.0.3 - SQL Injection
CVSS 8.5
CVE-2024-35736
HIGH
Themeisle Visualizer <= 3.11.1 - SQL Injection
CVSS 8.5
CVE-2024-30163
CRITICAL
Invision Community <4.7.16 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,716
Exploit Likelihood
High