CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-25514 CRITICAL
RuvarOA <6.01,12.01 - SQL Injection
CVSS 9.4
CVE-2024-25513 HIGH
RuvarOA <6.01, 12.01 - SQL Injection
CVSS 7.8
CVE-2024-25511 CRITICAL
RuvarOA <6.01, 12.01 - SQL Injection
CVSS 9.4
CVE-2024-25510 CRITICAL
RuvarOA <6.01, 12.01 - SQL Injection
CVSS 9.8
CVE-2024-25509 CRITICAL
RuvarOA 6.01 and 12.01 - SQL Injection via sys_file_storage_id Parameter
CVSS 9.4
CVE-2024-25512 HIGH
RuvarOA <6.01, 12.01 - SQL Injection
CVSS 8.1
CVE-2024-25508 CRITICAL
RuvarOA <6.01, 12.01 - SQL Injection
CVSS 9.8
CVE-2024-25507 CRITICAL
RuvarOA <6.01, 12.01 - SQL Injection
CVSS 9.4
CVE-2024-33164 CRITICAL
j2eefast 2.7.0 - SQL Injection via sql_filter Parameter in authUserList()
CVSS 9.8
CVE-2024-33161 MEDIUM
j2eefast v2.7.0 - SQL Injection via sql_filter Parameter in unallocatedList()
CVSS 5.3
CVE-2024-33155 CRITICAL
j2eefast v2.7.0 - SQL Injection via sql_filter Parameter in getDeptList()
CVSS 9.8
CVE-2024-33153 CRITICAL
j2eefast v2.7.0 - SQL Injection via sql_filter Parameter in commentList()
CVSS 9.8
CVE-2024-33149 HIGH
j2eefast 2.7.0 - SQL Injection via sql_filter Parameter in myProcessList Function
CVSS 8.1
CVE-2024-33148 HIGH
j2eefast 2.7.0 - SQL Injection via sql_filter Parameter
CVSS 7.3
CVE-2024-33147 HIGH
j2eefast 2.7.0 - SQL Injection via sql_filter Parameter in authRoleList Function
CVSS 8.8
CVE-2024-33146 CRITICAL
j2eefast v2.7.0 - SQL Injection via sql_filter Parameter in Export Function
CVSS 9.1
CVE-2024-33144 HIGH
j2eefast 2.7.0 - SQL Injection via sql_filter Parameter in BpmTaskMapper.xml
CVSS 8.8
CVE-2024-33139 HIGH
j2eefast v2.7.0 - SQL Injection via sql_filter Parameter in findpage Function
CVSS 7.5
CVE-2024-4595 MEDIUM
semcms < 4.8 - SQL Injection via locate Function in function.php
CVSS 6.3
CVE-2024-33124 CRITICAL
Roothub v2.6 - SQL Injection via nodeTitle Parameter in parentNode() Function
CVSS 9.8
CVE-2024-33122 MEDIUM
Roothub 2.6 - SQL Injection via Topic Parameter in list() Function
CVSS 6.3
CVE-2024-32369 MEDIUM
HSC Cybersecurity HC Mailinspector <5.2.18 - SQL Injection
CVSS 4.3
CVE-2024-31456 HIGH
GLPI 9.3.0-10.0.14 - Authenticated SQL Injection via Map Search
CVSS 7.7
CVE-2024-29889 HIGH
GLPI 10.0.10-10.0.14 - Authenticated SQL Injection via Saved Searches Feature
CVSS 7.1
CVE-2024-34534 HIGH
Cybrosys Techno Solutions Text Commander <16.0.1 - SQL Injection
CVSS 7.3
Details
Vulnerabilities 19,718
Exploit Likelihood High