CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,716 vulnerabilities with CWE-89
CVE-2024-36673
CRITICAL
Sourcecodester Pharmacy/Medical Store POS 1.0 - SQL Injection
CVSS 9.8
CVE-2024-5733
HIGH
Online Discussion Forum 1.0 - SQL Injection via eaddress Parameter in register_me.php
CVSS 7.3
CVE-2024-3592
CRITICAL
Quiz And Survey Master <9.0.1 - SQL Injection
CVSS 9.9
CVE-2024-4902
HIGH
Tutor LMS - WordPress <2.7.1 - SQL Injection
CVSS 7.2
CVE-2024-36082
MEDIUM
Music Store - WordPress eCommerce <1.1.14 - SQL Injection
CVSS 6.5
CVE-2024-5225
HIGH
litellm < 1.40.2 - SQL Injection via /global/spend/logs API Key Parameter
CVSS 7.2
CVE-2024-4890
MEDIUM
litellm 1.27.14 - Blind SQL Injection via User ID Parameter
CVSS 4.9
CVE-2024-36779
CRITICAL
Sourcecodester Stock Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-5329
HIGH
Unlimited Elements For Elementor <1.5.109 - Blind SQL Injection
CVSS 8.8
CVE-2024-36393
CRITICAL
SysAid < 23.3.38 - SQL Injection
CVSS 9.9
CVE-2024-5653
HIGH
Chanjet Smooth T+system 3.5 - SQL Injection
CVSS 7.3
CVE-2024-36837
HIGH
CRMEB 5.2.2 - SQL Injection via ProductController.php getProductList Function
CVSS 7.5
CVE-2024-4743
HIGH
LifterLMS < 7.6.3 - Authenticated SQL Injection via orderBy Attribute
CVSS 8.8
CVE-2024-4295
CRITICAL
Email Subscribers by Icegram Express <5.7.20 - SQL Injection
CVSS 9.8
CVE-2024-5636
MEDIUM
itsourcecode Bakery Online Ordering System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-5635
MEDIUM
itsourcecode Bakery Online Ordering System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-28996
HIGH
SolarWinds Platform < 2024.2 - SWQL Injection
CVSS 7.5
CVE-2024-36801
MEDIUM
SEMCMS 4.8 - SQL Injection via Download.php lgid Parameter
CVSS 5.9
CVE-2024-36800
HIGH
SEMCMS 4.8 - SQL Injection via Download.php ID Parameter
CVSS 7.5
CVE-2024-34987
CRITICAL
PHPGurukul Online Fire Reporting System 1.2 - SQL Injection via Username Input Field
CVSS 9.1
CVE-2024-35630
HIGH
LJ Apps WP TripAdvisor Review Slider <12.6 - SQL Injection
CVSS 7.6
CVE-2024-5311
CRITICAL
DigiWin EasyFlow .NET - SQL Injection
CVSS 9.8
CVE-2024-5590
MEDIUM
Netentsec NS-ASG 6.3 SQL Injection via /protocol/iscuser/uploadiscuser.php
CVSS 6.3
CVE-2024-5589
MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via /admin/config_MT.php Mid Parameter
CVSS 6.3
CVE-2024-5588
MEDIUM
itsourcecode Learning Management System 1.0 - SQL Injection via LessonID Parameter
CVSS 6.3
Details
Vulnerabilities
19,716
Exploit Likelihood
High