CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-34533
HIGH
ZI PT Solusi Usaha Mudah Analytic Data Query <17.0.3 - SQL Injection
CVSS 7.3
CVE-2024-34532
CRITICAL
Yvan Dotet PostgreSQL Query Deluxe <17.0.0.4 - SQL Injection
CVSS 9.8
CVE-2024-33121
MEDIUM
Roothub v2.6 - SQL Injection via Search Function 's' Parameter
CVSS 6.3
CVE-2024-34412
HIGH
Parcel Panel <3.8.1 - SQL Injection
CVSS 8.5
CVE-2024-34386
HIGH
Lucian Apostol Auto Affiliate Links <6.4.3.1 - SQL Injection
CVSS 7.6
CVE-2024-33411
CRITICAL
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via my_index Parameter
CVSS 9.8
CVE-2024-33410
HIGH
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 8.1
CVE-2024-33409
CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Name Parameter
CVSS 9.8
CVE-2024-33408
CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-33407
MEDIUM
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 5.9
CVE-2024-33406
HIGH
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via index Parameter
CVSS 7.3
CVE-2024-33405
HIGH
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via add_friends.php friend_index Parameter
CVSS 8.6
CVE-2024-33404
HIGH
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via index Parameter
CVSS 8.3
CVE-2024-33403
CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via event_id Parameter
CVSS 9.8
CVE-2024-34472
MEDIUM
HSC Mailinspector <5.2.18 - Authenticated SQL Injection
CVSS 5.5
CVE-2024-4548
CRITICAL
DIAEnergie SQL Injection (CVE-2024-4548)
CVSS 9.8
CVE-2024-4547
CRITICAL
Delta Electronics DIAEnergie < 1.10.01.004 - Unauthenticated SQL Injection via RecalculateScript Message Fourth Field
CVSS 9.8
CVE-2024-31673
CRITICAL
Kliqqi-CMS 2.0.2 - SQL Injection via Userid Parameter
CVSS 9.8
CVE-2024-33787
HIGH
Hengan Weighing Management Information Query Platform - SQL Injection
CVSS 8.2
CVE-2024-4466
CRITICAL
Gescen - SQL Injection via Pass Parameter
CVSS 9.8
CVE-2024-34032
HIGH
Delta Electronics DIAEnergie - SQL Injection
CVSS 8.8
CVE-2024-34031
HIGH
Delta Electronics DIAEnergie - SQL Injection
CVSS 8.8
CVE-2024-4215
HIGH
pgAdmin4 < 8.6 - Multi-Factor Authentication Bypass
CVSS 7.4
CVE-2024-2876
CRITICAL
Wordpress Email Subscribers by Icegram Express - SQL Injection
CVSS 9.8
CVE-2024-2831
HIGH
WordPress Calendar plugin <1.3.14 - SQL Injection
CVSS 8.8
Details
Vulnerabilities
19,718
Exploit Likelihood
High