CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-4911
MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4910
MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-31856
HIGH
CyberPower PowerPanel < 4.9.0 - SQL Injection and Arbitrary File Write via MQTT Messages
CVSS 8.8
CVE-2024-4909
MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4908
MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4907
MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4906
MEDIUM
Campcodes Complete Web-Based School Management System 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4905
MEDIUM
Kashipara College Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-4903
MEDIUM
Tongda OA 2017 - SQL Injection via M_ID_STR Parameter in /general/meeting/manage/delete.php
CVSS 6.3
CVE-2024-34955
CRITICAL
Code-projects Budget Management 1.0 - SQL Injection via Delete Parameter
CVSS 9.8
CVE-2024-4893
CRITICAL
DigiWin EasyFlow .NET - SQL Injection
CVSS 9.8
CVE-2024-32888
CRITICAL
Amazon JDBC Driver for Redshift < 2.1.0.28 - SQL Injection via preferQueryMode=simple Connection Property
CVSS 10.0
CVE-2024-4847
HIGH
Alt Text AI < 1.4.9 - Authenticated SQL Injection via last_post_id Parameter
CVSS 8.8
CVE-2024-33485
CRITICAL
CASAP Automated Enrollment System <V1.0 - SQL Injection
CVSS 9.8
CVE-2024-34256
CRITICAL
ofcms 1.1.2 - SQL Injection via New Table Function
CVSS 9.8
CVE-2024-33009
MEDIUM
SAP Global Label Management - SQL Injection
CVSS 4.2
CVE-2024-27941
HIGH
RUGGEDCOM CROSSBOW < 5.5 - SQL Injection
CVSS 8.8
CVE-2024-27940
HIGH
RUGGEDCOM CROSSBOW < 5.5 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-4824
CRITICAL
School ERP Pro+Responsive 1.0 - SQL Injection via Office Admin Index Parameters
CVSS 9.8
CVE-2024-4808
MEDIUM
Kashipara College Management System 1.0 - SQL Injection via delete_faculty.php id Parameter
CVSS 6.3
CVE-2024-4807
MEDIUM
Kashipara College Management System 1.0 - SQL Injection via delete_user.php id Parameter
CVSS 6.3
CVE-2024-4806
MEDIUM
Kashipara College Management System 1.0 - SQL Injection via each_extracurricula_activities.php id Parameter
CVSS 6.3
CVE-2024-4805
MEDIUM
Kashipara College Management System 1.0 - SQL Injection via edit_faculty.php id Parameter
CVSS 6.3
CVE-2024-4804
MEDIUM
Kashipara College Management System 1.0 - SQL Injection via edit_user.php id Parameter
CVSS 6.3
CVE-2024-4803
MEDIUM
Kashipara College Management System 1.0 - SQL Injection via submit_admin.php Phone Parameter
CVSS 6.3
Details
Vulnerabilities
19,718
Exploit Likelihood
High