CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-4911 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4910 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-31856 HIGH
CyberPower PowerPanel < 4.9.0 - SQL Injection and Arbitrary File Write via MQTT Messages
CVSS 8.8
CVE-2024-4909 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4908 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4907 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4906 MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4905 MEDIUM
Kashipara College Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-4903 MEDIUM
Tongda OA 2017 - SQL Injection via M_ID_STR Parameter in /general/meeting/manage/delete.php
CVSS 6.3
CVE-2024-34955 CRITICAL
Code-projects Budget Management 1.0 - SQL Injection via Delete Parameter
CVSS 9.8
CVE-2024-4893 CRITICAL
DigiWin EasyFlow .NET - SQL Injection
CVSS 9.8
CVE-2024-32888 CRITICAL
Amazon JDBC Driver for Redshift < 2.1.0.28 - SQL Injection via preferQueryMode=simple Connection Property
CVSS 10.0
CVE-2024-4847 HIGH
Alt Text AI < 1.4.9 - Authenticated SQL Injection via last_post_id Parameter
CVSS 8.8
CVE-2024-33485 CRITICAL
CASAP Automated Enrollment System <V1.0 - SQL Injection
CVSS 9.8
CVE-2024-34256 CRITICAL
ofcms 1.1.2 - SQL Injection via New Table Function
CVSS 9.8
CVE-2024-33009 MEDIUM
SAP Global Label Management - SQL Injection
CVSS 4.2
CVE-2024-27941 HIGH
RUGGEDCOM CROSSBOW < 5.5 - SQL Injection
CVSS 8.8
CVE-2024-27940 HIGH
RUGGEDCOM CROSSBOW < 5.5 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-4824 CRITICAL
School ERP Pro+Responsive 1.0 - SQL Injection via Office Admin Index Parameters
CVSS 9.8
CVE-2024-4808 MEDIUM
Kashipara College Management System 1.0 - SQL Injection via delete_faculty.php id Parameter
CVSS 6.3
CVE-2024-4807 MEDIUM
Kashipara College Management System 1.0 - SQL Injection via delete_user.php id Parameter
CVSS 6.3
CVE-2024-4806 MEDIUM
Kashipara College Management System 1.0 - SQL Injection via each_extracurricula_activities.php id Parameter
CVSS 6.3
CVE-2024-4805 MEDIUM
Kashipara College Management System 1.0 - SQL Injection via edit_faculty.php id Parameter
CVSS 6.3
CVE-2024-4804 MEDIUM
Kashipara College Management System 1.0 - SQL Injection via edit_user.php id Parameter
CVSS 6.3
CVE-2024-4803 MEDIUM
Kashipara College Management System 1.0 - SQL Injection via submit_admin.php Phone Parameter
CVSS 6.3
Details
Vulnerabilities 19,718
Exploit Likelihood High