CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-5235
MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via teacher_id Parameter
CVSS 6.3
CVE-2024-5234
MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Teacher Salary History Index Parameter
CVSS 6.3
CVE-2024-5233
MEDIUM
Campcodes School Management System 1.0 - SQLi via teacher_salary_details3.php index
CVSS 6.3
CVE-2024-5232
MEDIUM
Campcodes School Management System 1.0 - SQLi via teacher_salary_details2.php index parameter
CVSS 6.3
CVE-2024-5231
MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via teacher_salary_details.php index Parameter
CVSS 6.3
CVE-2024-21791
MEDIUM
ManageEngine ADAudit Plus < 7271 - Authenticated SQL Injection in Lockout History Option
CVSS 4.7
CVE-2024-20360
HIGH
Cisco Firepower Management Center - SQL Injection
CVSS 8.8
CVE-2024-35409
CRITICAL
WeBid 1.1.2 - SQL Injection via admin/tax.php
CVSS 9.8
CVE-2024-3495
CRITICAL
Country State City Dropdown CF7 <2.7.2 - SQL Injection
CVSS 9.8
CVE-2024-4443
CRITICAL
Business Directory Plugin - WordPress <6.4.2 - SQL Injection
CVSS 9.8
CVE-2024-3518
HIGH
Media Library Assistant <3.15 - SQL Injection
CVSS 8.8
CVE-2024-35056
CRITICAL
NASA AIT-Core < 2.5.2 - SQL Injection via query_packets and insert functions
CVSS 9.8
CVE-2024-36039
MEDIUM
PyMySQL < 1.1.1 - SQL Injection via Unescaped JSON Keys
CVSS 6.3
CVE-2024-35361
CRITICAL
MTab Bookmark <1.9.5 - SQL Injection
CVSS 9.8
CVE-2024-34949
HIGH
Likeshop < 2.5.7 - SQL Injection via OrderLogic::getOrderList Function
CVSS 8.2
CVE-2024-5135
HIGH
PHPGurukul Directory Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-5134
MEDIUM
SourceCodester Electricity Consumption Monitoring Tool 1.0 - SQL In...
CVSS 6.3
CVE-2024-5122
HIGH
SourceCodester Event Registration System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-5120
MEDIUM
SourceCodester Event Registration System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-5119
MEDIUM
SourceCodester Event Registration System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-5118
HIGH
SourceCodester Event Registration System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-5117
HIGH
SourceCodester Event Registration System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-5116
HIGH
SourceCodester Online Examination System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-5115
MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-5114
MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
Details
Vulnerabilities
19,718
Exploit Likelihood
High