CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,716 vulnerabilities with CWE-89
CVE-2024-5517
HIGH
Online Blood Bank Management System 1.0 - SQL Injection via changepwd.php useremail Parameter
CVSS 7.3
CVE-2024-5516
MEDIUM
Online Blood Bank Management System 1.0 - SQL Injection via massage.php bid Parameter
CVSS 6.3
CVE-2024-5515
MEDIUM
Stock Management System 1.0 - SQL Injection via createBrand.php brandName Parameter
CVSS 6.3
CVE-2024-1100
CRITICAL
Vadi Corporate Information Systems DIGIKENT GIS <2.23.5 - SQL Injec...
CVSS 9.8
CVE-2024-5207
HIGH
Post SMTP < 2.9.3 - Authenticated Time-Based SQL Injection via Selected Parameter
CVSS 7.2
CVE-2024-35548
MEDIUM
Mybatis plus <3.5.6 - SQL Injection
CVSS 5.4
CVE-2024-35511
MEDIUM
phpgurukul Men Salon Management System 2.0 - SQL Injection via Username Parameter
CVSS 4.7
CVE-2024-33450
HIGH
Finereport 8.0 - SQL Injection
CVSS 7.5
CVE-2024-33402
HIGH
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 8.1
CVE-2024-35563
CRITICAL
CDG-Server-V5.6.2.126.139 - SQL Injection
CVSS 9.8
CVE-2024-33808
CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-33807
MEDIUM
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Grade Parameter
CVSS 5.4
CVE-2024-33806
CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-33805
CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-33804
MEDIUM
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 6.3
CVE-2024-33803
MEDIUM
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 5.4
CVE-2024-33802
MEDIUM
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via index Parameter
CVSS 6.5
CVE-2024-33801
CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-33800
CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via index Parameter
CVSS 9.8
CVE-2024-33799
CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-36428
HIGH
OrangeHRM 3.3.3 - SQL Injection via sortOrder Parameter
CVSS 8.1
CVE-2024-35182
MEDIUM
Meshery < 0.7.22 - SQL Injection via Events API Sort Parameter
CVSS 5.9
CVE-2024-35181
MEDIUM
Meshery < 0.7.22 - SQL Injection and Arbitrary File Write via Order Query Parameter
CVSS 5.9
CVE-2024-0851
CRITICAL
Grup Arge Energy and Control Systems Smartpower <V24.05.27 - SQL In...
CVE-2024-4533
MEDIUM
KKProgressbar2 Free WordPress Plugin <= 1.1.4.2 - Authenticated SQL Injection
CVSS 6.5
Details
Vulnerabilities
19,716
Exploit Likelihood
High