CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,716 vulnerabilities with CWE-89
CVE-2024-36673 CRITICAL
Sourcecodester Pharmacy/Medical Store POS 1.0 - SQL Injection
CVSS 9.8
CVE-2024-5733 HIGH
Online Discussion Forum 1.0 - SQL Injection via eaddress Parameter in register_me.php
CVSS 7.3
CVE-2024-3592 CRITICAL
Quiz And Survey Master <9.0.1 - SQL Injection
CVSS 9.9
CVE-2024-4902 HIGH
Tutor LMS - WordPress <2.7.1 - SQL Injection
CVSS 7.2
CVE-2024-36082 MEDIUM
Music Store - WordPress eCommerce <1.1.14 - SQL Injection
CVSS 6.5
CVE-2024-5225 HIGH
litellm < 1.40.2 - SQL Injection via /global/spend/logs API Key Parameter
CVSS 7.2
CVE-2024-4890 MEDIUM
litellm 1.27.14 - Blind SQL Injection via User ID Parameter
CVSS 4.9
CVE-2024-36779 CRITICAL
Sourcecodester Stock Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-5329 HIGH
Unlimited Elements For Elementor <1.5.109 - Blind SQL Injection
CVSS 8.8
CVE-2024-36393 CRITICAL
SysAid < 23.3.38 - SQL Injection
CVSS 9.9
CVE-2024-5653 HIGH
Chanjet Smooth T+system 3.5 - SQL Injection
CVSS 7.3
CVE-2024-36837 HIGH
CRMEB 5.2.2 - SQL Injection via ProductController.php getProductList Function
CVSS 7.5
CVE-2024-4743 HIGH
LifterLMS < 7.6.3 - Authenticated SQL Injection via orderBy Attribute
CVSS 8.8
CVE-2024-4295 CRITICAL
Email Subscribers by Icegram Express <5.7.20 - SQL Injection
CVSS 9.8
CVE-2024-5636 MEDIUM
itsourcecode Bakery Online Ordering System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-5635 MEDIUM
itsourcecode Bakery Online Ordering System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-28996 HIGH
SolarWinds Platform < 2024.2 - SWQL Injection
CVSS 7.5
CVE-2024-36801 MEDIUM
SEMCMS 4.8 - SQL Injection via Download.php lgid Parameter
CVSS 5.9
CVE-2024-36800 HIGH
SEMCMS 4.8 - SQL Injection via Download.php ID Parameter
CVSS 7.5
CVE-2024-34987 CRITICAL
PHPGurukul Online Fire Reporting System 1.2 - SQL Injection via Username Input Field
CVSS 9.1
CVE-2024-35630 HIGH
LJ Apps WP TripAdvisor Review Slider <12.6 - SQL Injection
CVSS 7.6
CVE-2024-5311 CRITICAL
DigiWin EasyFlow .NET - SQL Injection
CVSS 9.8
CVE-2024-5590 MEDIUM
Netentsec NS-ASG 6.3 SQL Injection via /protocol/iscuser/uploadiscuser.php
CVSS 6.3
CVE-2024-5589 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via /admin/config_MT.php Mid Parameter
CVSS 6.3
CVE-2024-5588 MEDIUM
itsourcecode Learning Management System 1.0 - SQL Injection via LessonID Parameter
CVSS 6.3
Details
Vulnerabilities 19,716
Exploit Likelihood High