CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,716 vulnerabilities with CWE-89
CVE-2024-5893 MEDIUM
SourceCodester Cab Management System 1.0 - SQL Injection via Users.php id Parameter
CVSS 6.3
CVE-2024-36840 CRITICAL
Boelter Blue System Management <1.3 - SQL Injection
CVSS 9.1
CVE-2024-36263 HIGH
Apache Submarine Server Core - SQL Injection
CVSS 8.1
CVE-2024-1576 CRITICAL
megabip < 5.09 - SQL Injection
CVSS 9.8
CVE-2024-4845 HIGH
Icegram Express < 5.7.23 - Authenticated SQL Injection via options[list_id] Parameter
CVSS 8.8
CVE-2024-5543 HIGH
Slideshow Gallery LITE <1.8.1 - SQL Injection
CVSS 8.1
CVE-2024-31495 MEDIUM
FortiPortal 7.0.0-7.0.6 and 7.2.0 - Authenticated SQL Injection via Report Download Functionality
CVSS 4.3
CVE-2024-3549 CRITICAL
Blog2Social < 7.4.1 - Authenticated SQL Injection via b2sSortPostType Parameter
CVSS 9.9
CVE-2024-22261 LOW
Harbor 2.8.1-2.8.5 - SQL Injection via Task ID Leakage
CVSS 2.7
CVE-2024-37393 HIGH
SecurEnvoy MFA < 9.4.514 - Unauthenticated LDAP Injection via DESKTOP Service
CVSS 7.5
CVE-2024-36412 CRITICAL
SuiteCRM <7.14.4-8.6.1 - SQL Injection
CVSS 10.0
CVE-2024-36411 CRITICAL
SuiteCRM <7.14.4,8.6.1 - SQL Injection
CVSS 9.6
CVE-2024-36410 CRITICAL
SuiteCRM <7.14.4-8.6.1 - SQL Injection
CVSS 9.6
CVE-2024-36409 CRITICAL
SuiteCRM <7.14.4, <8.6.1 - SQL Injection
CVSS 9.6
CVE-2024-36408 CRITICAL
SuiteCRM <7.14.4-8.6.1 - SQL Injection
CVSS 9.6
CVE-2024-35305 CRITICAL
Pandora FMS 700-776 - Unauthenticated Time-Based SQL Injection via API Authorization Header
CVSS 9.8
CVE-2024-5775 MEDIUM
SourceCodester Vehicle Management System 1.0 - SQL Injection via updatebill.php id Parameter
CVSS 6.3
CVE-2024-5774 HIGH
Stock Management System 1.0 - SQL Injection via Login Index.php Username/Password Parameter
CVSS 7.3
CVE-2024-5773 MEDIUM
Netentsec NS-ASG 6.3 SQLi via /protocol/firewall/deletemacbind.php messagecontent
CVSS 6.3
CVE-2024-5772 MEDIUM
Netentsec NS-ASG 6.3 SQLi via /protocol/iscuser/deleteiscuser.php messagecontent
CVSS 6.3
CVE-2024-5771 MEDIUM
LabVantage LIMS 2017 - SQL Injection
CVSS 6.3
CVE-2024-35678 HIGH
BestWebSoft Contact Form to DB <= 1.7.2 - SQL Injection
CVSS 8.5
CVE-2024-35750 HIGH
wpdevart Gallery < 2.0.3 - SQL Injection
CVSS 8.5
CVE-2024-35736 HIGH
Themeisle Visualizer <= 3.11.1 - SQL Injection
CVSS 8.5
CVE-2024-30163 CRITICAL
Invision Community <4.7.16 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,716
Exploit Likelihood High