CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,716 vulnerabilities with CWE-89
CVE-2024-5517 HIGH
Online Blood Bank Management System 1.0 - SQL Injection via changepwd.php useremail Parameter
CVSS 7.3
CVE-2024-5516 MEDIUM
Online Blood Bank Management System 1.0 - SQL Injection via massage.php bid Parameter
CVSS 6.3
CVE-2024-5515 MEDIUM
Stock Management System 1.0 - SQL Injection via createBrand.php brandName Parameter
CVSS 6.3
CVE-2024-1100 CRITICAL
Vadi Corporate Information Systems DIGIKENT GIS <2.23.5 - SQL Injec...
CVSS 9.8
CVE-2024-5207 HIGH
Post SMTP < 2.9.3 - Authenticated Time-Based SQL Injection via Selected Parameter
CVSS 7.2
CVE-2024-35548 MEDIUM
Mybatis plus <3.5.6 - SQL Injection
CVSS 5.4
CVE-2024-35511 MEDIUM
phpgurukul Men Salon Management System 2.0 - SQL Injection via Username Parameter
CVSS 4.7
CVE-2024-33450 HIGH
Finereport 8.0 - SQL Injection
CVSS 7.5
CVE-2024-33402 HIGH
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 8.1
CVE-2024-35563 CRITICAL
CDG-Server-V5.6.2.126.139 - SQL Injection
CVSS 9.8
CVE-2024-33808 CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-33807 MEDIUM
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Grade Parameter
CVSS 5.4
CVE-2024-33806 CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-33805 CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-33804 MEDIUM
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 6.3
CVE-2024-33803 MEDIUM
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 5.4
CVE-2024-33802 MEDIUM
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via index Parameter
CVSS 6.5
CVE-2024-33801 CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-33800 CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via index Parameter
CVSS 9.8
CVE-2024-33799 CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-36428 HIGH
OrangeHRM 3.3.3 - SQL Injection via sortOrder Parameter
CVSS 8.1
CVE-2024-35182 MEDIUM
Meshery < 0.7.22 - SQL Injection via Events API Sort Parameter
CVSS 5.9
CVE-2024-35181 MEDIUM
Meshery < 0.7.22 - SQL Injection and Arbitrary File Write via Order Query Parameter
CVSS 5.9
CVE-2024-0851 CRITICAL
Grup Arge Energy and Control Systems Smartpower <V24.05.27 - SQL In...
CVE-2024-4533 MEDIUM
KKProgressbar2 Free WordPress Plugin <= 1.1.4.2 - Authenticated SQL Injection
CVSS 6.5
Details
Vulnerabilities 19,716
Exploit Likelihood High