CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-4802
MEDIUM
Kashipara College Management System 1.0 - SQL Injection via activity_datetime Parameter
CVSS 6.3
CVE-2024-4801
MEDIUM
Kashipara College Management System 1.0 - SQL Injection via submit_new_faculty.php Address Parameter
CVSS 6.3
CVE-2024-4800
MEDIUM
Kashipara College Management System 1.0 - SQL Injection via submit_student.php date_of_birth Parameter
CVSS 6.3
CVE-2024-4799
MEDIUM
Kashipara College Management System 1.0 - SQL Injection via view_each_faculty.php id Parameter
CVSS 6.3
CVE-2024-4798
MEDIUM
SourceCodester Online Computer and Laptop Store 1.0 - SQL Injection via Manage Brand ID Parameter
CVSS 6.3
CVE-2024-4796
MEDIUM
Campcodes Online Laundry Management System 1.0 - SQL Injection via /manage_inv.php id Parameter
CVSS 6.3
CVE-2024-4795
MEDIUM
Online Laundry Management System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2024-4794
MEDIUM
Campcodes Online Laundry Management System 1.0 - SQL Injection via manage_receiving.php id Parameter
CVSS 6.3
CVE-2024-4793
MEDIUM
Campcodes Online Laundry Management System 1.0 - SQL Injection via manage_laundry.php id Parameter
CVSS 6.3
CVE-2024-4792
MEDIUM
Campcodes Online Laundry Management System 1.0 - SQL Injection via admin_class.php id Parameter
CVSS 6.3
CVE-2024-4434
CRITICAL
LearnPress - WordPress LMS Plugin <4.2.6.5 - SQL Injection
CVSS 9.8
CVE-2024-4423
HIGH
CemiPark 4.5 4.7 5.03 - Authentication Bypass via Improper Input Validation
CVSS 7.2
CVE-2024-3055
HIGH
Unlimited Elements For Elementor < 1.5.105 - Authenticated Time-Based SQL Injection via ID Parameter
CVSS 8.8
CVE-2024-34310
HIGH
Jin Fang Times CMS <3.2.3 - SQL Injection
CVSS 8.8
CVE-2024-34226
CRITICAL
SourceCodester Visitor Management System 1.0 - SQL Injection
CVSS 9.4
CVE-2024-34222
MEDIUM
Sourcecodester HRMS 1.0 - SQL Injection
CVSS 5.9
CVE-2024-34220
HIGH
Sourcecodester HRMS 1.0 - SQL Injection
CVSS 7.5
CVE-2024-32739
HIGH
CyberPower PowerPanel < 2.8.3 - Unauthenticated SQL Injection via query_ptask_verbose Function
CVSS 7.5
CVE-2024-32738
HIGH
CyberPower PowerPanel < 2.8.3 - Unauthenticated SQL Injection via query_ptask_lean Function
CVSS 7.5
CVE-2024-32737
HIGH
CyberPower PowerPanel < 2.8.3 - Unauthenticated SQL Injection via query_contract_result Function
CVSS 7.5
CVE-2024-32736
HIGH
CyberPower PowerPanel < 2.8.3 - Unauthenticated SQL Injection via query_utask_verbose Function
CVSS 7.5
CVE-2024-32655
HIGH
Npgsql SQL Injection via Integer Overflow in WriteBind
CVSS 8.1
CVE-2024-31460
MEDIUM
Cacti < 1.2.27 - SQL Injection via automation_tree_rules.php
CVSS 6.5
CVE-2024-31458
MEDIUM
Cacti < 1.2.27 - SQL Injection via form_save() Function
CVSS 4.6
CVE-2024-31445
HIGH
Cacti < 1.2.27 - Authenticated SQL Injection via api_automation.php filter Parameter
CVSS 8.8
Details
Vulnerabilities
19,718
Exploit Likelihood
High