CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-5113 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-5112 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-5111 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-5110 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-5109 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-5108 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-5107 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-5106 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-5105 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-5104 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-5103 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-5101 MEDIUM
SourceCodester Simple Inventory System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-5100 MEDIUM
SourceCodester Simple Inventory System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-5099 MEDIUM
Simple Inventory System 1.0 - SQL Injection via updateprice.php ITEM Parameter
CVSS 6.3
CVE-2024-5098 MEDIUM
Simple Inventory System 1.0 - SQL Injection via login.php Username Parameter
CVSS 5.5
CVE-2024-5094 HIGH
Best House Rental Management System 1.0 - SQL Injection via view_payment.php id Parameter
CVSS 7.3
CVE-2024-5093 HIGH
Best House Rental Management System 1.0 - SQL Injection via login.php Username/Password Parameters
CVSS 7.3
CVE-2024-5069 MEDIUM
Simple Online Men's Salon Management System 1.0 - SQL Injection via view_service.php id Parameter
CVSS 6.3
CVE-2024-5066 MEDIUM
PHPGurukul Online Course Registration System 3.1 - SQL Injection via Pincode Parameter
CVSS 6.3
CVE-2024-5065 HIGH
PHPGurukul Online Course Registration System 3.1 - SQL Injection via Regno Parameter
CVSS 7.3
CVE-2024-5064 HIGH
PHPGurukul Online Course Registration System 3.1 - SQL Injection via News Details nid Parameter
CVSS 7.3
CVE-2024-5063 HIGH
PHPGurukul Online Course Registration System 3.1 - SQL Injection via Admin Login
CVSS 7.3
CVE-2024-5051 MEDIUM
Gas Agency Management System 1.0 - SQL Injection via edituser.php id Parameter
CVSS 6.3
CVE-2024-5048 MEDIUM
code-projects Budget Management 1.0 - SQL Injection via edit Parameter
CVSS 6.3
CVE-2024-5046 HIGH
Online Examination System 1.0 - SQL Injection via registeracc.php Email Parameter
CVSS 7.3
Details
Vulnerabilities 19,718
Exploit Likelihood High