CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,716 vulnerabilities with CWE-89
CVE-2024-35091 CRITICAL
j2eefast 2.7.0 - SQL Injection via SysTenantMapper.xml findPage Function
CVSS 9.8
CVE-2024-35090 HIGH
j2eefast 2.7.0 - SQL Injection via SysUreportFileMapper.xml findPage Function
CVSS 8.2
CVE-2024-35086 CRITICAL
j2eefast v2.7.0 - SQL Injection via BpmTaskFromMapper.xml findPage Function
CVSS 9.8
CVE-2024-35085 MEDIUM
j2eefast 2.7.0 - SQL Injection via ProcessDefinitionMapper.xml findPage Function
CVSS 5.4
CVE-2024-35084 CRITICAL
j2eefast 2.7.0 - SQL Injection via SysMsgPushMapper.xml findPage Function
CVSS 9.8
CVE-2024-35083 HIGH
j2eefast v2.7.0 - SQL Injection via SysLoginInfoMapper.xml findPage Function
CVSS 8.8
CVE-2024-35082 MEDIUM
j2eefast 2.7.0 - SQL Injection via SysOperLogMapper.xml findPage Function
CVSS 6.3
CVE-2024-34936 HIGH
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via month Parameter
CVSS 8.6
CVE-2024-34935 CRITICAL
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via conversation_id Parameter
CVSS 9.8
CVE-2024-34934 CRITICAL
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via conversation_id Parameter
CVSS 9.8
CVE-2024-34933 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via admission_fee Parameter
CVSS 6.3
CVE-2024-34932 CRITICAL
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via name Parameter
CVSS 9.8
CVE-2024-34931 CRITICAL
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via name Parameter
CVSS 9.8
CVE-2024-34930 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via month Parameter
CVSS 5.3
CVE-2024-34929 CRITICAL
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via my_index Parameter
CVSS 9.8
CVE-2024-34928 HIGH
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Grade Parameter
CVSS 7.3
CVE-2024-34927 CRITICAL
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via name Parameter
CVSS 9.8
CVE-2024-4779 HIGH
Unlimited Elements For Elementor <= 1.5.107 - Authenticated SQL Injection via data[post_ids][0] Parameter
CVSS 8.8
CVE-2024-5240 MEDIUM
Complete Web-Based School Management System 1.0 - SQL Injection via my_index Parameter
CVSS 6.3
CVE-2024-5239 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Timetable Update Form Grade Parameter
CVSS 6.3
CVE-2024-5238 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Timetable Insert Form Grade Parameter
CVSS 6.3
CVE-2024-5237 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Timetable Grade Parameter
CVSS 6.3
CVE-2024-5236 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Teacher Salary Invoice Date Parameter
CVSS 6.3
CVE-2024-5235 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via teacher_id Parameter
CVSS 6.3
CVE-2024-5234 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Teacher Salary History Index Parameter
CVSS 6.3
Details
Vulnerabilities 19,716
Exploit Likelihood High