CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-5235 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via teacher_id Parameter
CVSS 6.3
CVE-2024-5234 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Teacher Salary History Index Parameter
CVSS 6.3
CVE-2024-5233 MEDIUM
Campcodes School Management System 1.0 - SQLi via teacher_salary_details3.php index
CVSS 6.3
CVE-2024-5232 MEDIUM
Campcodes School Management System 1.0 - SQLi via teacher_salary_details2.php index parameter
CVSS 6.3
CVE-2024-5231 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via teacher_salary_details.php index Parameter
CVSS 6.3
CVE-2024-21791 MEDIUM
ManageEngine ADAudit Plus < 7271 - Authenticated SQL Injection in Lockout History Option
CVSS 4.7
CVE-2024-20360 HIGH
Cisco Firepower Management Center - SQL Injection
CVSS 8.8
CVE-2024-35409 CRITICAL
WeBid 1.1.2 - SQL Injection via admin/tax.php
CVSS 9.8
CVE-2024-3495 CRITICAL
Country State City Dropdown CF7 <2.7.2 - SQL Injection
CVSS 9.8
CVE-2024-4443 CRITICAL
Business Directory Plugin - WordPress <6.4.2 - SQL Injection
CVSS 9.8
CVE-2024-3518 HIGH
Media Library Assistant <3.15 - SQL Injection
CVSS 8.8
CVE-2024-35056 CRITICAL
NASA AIT-Core < 2.5.2 - SQL Injection via query_packets and insert functions
CVSS 9.8
CVE-2024-36039 MEDIUM
PyMySQL < 1.1.1 - SQL Injection via Unescaped JSON Keys
CVSS 6.3
CVE-2024-35361 CRITICAL
MTab Bookmark <1.9.5 - SQL Injection
CVSS 9.8
CVE-2024-34949 HIGH
Likeshop < 2.5.7 - SQL Injection via OrderLogic::getOrderList Function
CVSS 8.2
CVE-2024-5135 HIGH
PHPGurukul Directory Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-5134 MEDIUM
SourceCodester Electricity Consumption Monitoring Tool 1.0 - SQL In...
CVSS 6.3
CVE-2024-5122 HIGH
SourceCodester Event Registration System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-5120 MEDIUM
SourceCodester Event Registration System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-5119 MEDIUM
SourceCodester Event Registration System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-5118 HIGH
SourceCodester Event Registration System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-5117 HIGH
SourceCodester Event Registration System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-5116 HIGH
SourceCodester Online Examination System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-5115 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-5114 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
Details
Vulnerabilities 19,718
Exploit Likelihood High