CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,716 vulnerabilities with CWE-89
CVE-2024-3820 CRITICAL
wpDataTables - WordPress Data Table, Dynamic Tables & Table Charts ...
CVSS 10.0
CVE-2024-3200 CRITICAL
wpForo Forum < 2.3.3 - Authenticated SQL Injection via Shortcode Slug Attribute
CVSS 9.9
CVE-2024-29846 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
CVSS 8.0
CVE-2024-29830 HIGH
Ivanti EPM <2022 SU5 - Authenticated SQL Injection
CVSS 8.0
CVE-2024-29829 HIGH
Ivanti EPM <2022 SU5 - Authenticated SQL Injection
CVSS 8.0
CVE-2024-29828 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
CVSS 8.0
CVE-2024-29827 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
CVSS 8.8
CVE-2024-29826 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
CVSS 8.8
CVE-2024-29825 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
CVSS 8.8
CVE-2024-29824 HIGH KEV
Ivanti EPM RecordGoodApp SQLi RCE
CVSS 8.8
CVE-2024-29823 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
CVSS 8.8
CVE-2024-29822 HIGH
Ivanti EPM <2022 SU5 - SQL Injection
CVSS 8.8
CVE-2024-22059 HIGH
Ivanti Neurons for ITSM - SQL Injection
CVSS 8.8
CVE-2024-5523 HIGH
Astrotalks 10/03/2023 - Authenticated SQL Injection via SearchString Parameter
CVSS 8.8
CVE-2024-35469 CRITICAL
SourceCodester Human Resource Management System 1.0 - SQL Injection via Password Parameter
CVSS 9.8
CVE-2024-35468 MEDIUM
SourceCodester Human Resource Management System 1.0 - SQL Injection via Password Parameter
CVSS 5.4
CVE-2024-35359 CRITICAL
Dio Physics School Assistant 2.3 - SQL Injection via Master.php id Parameter
CVSS 9.8
CVE-2024-35350 CRITICAL
Dio Physics School Assistant 2.3 - SQL Injection via /admin/?page=borrow/view_borrow id Parameter
CVSS 9.8
CVE-2024-35349 CRITICAL
Dio Physics School Assistant 2.3 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-5519 HIGH
ItsourceCode Learning Management System Project In PHP 1.0 - SQL Injection via login.php user_email Parameter
CVSS 7.3
CVE-2024-35358 MEDIUM
Dio Physics School Assistant 2.3 - SQL Injection via Master.php id Parameter
CVSS 6.5
CVE-2024-35357 MEDIUM
Dio Physics School Assistant 2.3 - SQL Injection via Master.php id Parameter
CVSS 5.3
CVE-2024-35356 MEDIUM
Dio Physics School Assistant 2.3 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2024-35355 CRITICAL
Dio Physics School Assistant 2.3 - SQL Injection via Master.php id Parameter
CVSS 9.8
CVE-2024-35354 CRITICAL
Dio Physics School Assistant 2.3 - SQL Injection via id Parameter in Master.php
CVSS 9.8
Details
Vulnerabilities 19,716
Exploit Likelihood High