CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-34533 HIGH
ZI PT Solusi Usaha Mudah Analytic Data Query <17.0.3 - SQL Injection
CVSS 7.3
CVE-2024-34532 CRITICAL
Yvan Dotet PostgreSQL Query Deluxe <17.0.0.4 - SQL Injection
CVSS 9.8
CVE-2024-33121 MEDIUM
Roothub v2.6 - SQL Injection via Search Function 's' Parameter
CVSS 6.3
CVE-2024-34412 HIGH
Parcel Panel <3.8.1 - SQL Injection
CVSS 8.5
CVE-2024-34386 HIGH
Lucian Apostol Auto Affiliate Links <6.4.3.1 - SQL Injection
CVSS 7.6
CVE-2024-33411 CRITICAL
Campcodes Complete Web-Based School Management System 1.0 - SQL Injection via my_index Parameter
CVSS 9.8
CVE-2024-33410 HIGH
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 8.1
CVE-2024-33409 CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via Name Parameter
CVSS 9.8
CVE-2024-33408 CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-33407 MEDIUM
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via id Parameter
CVSS 5.9
CVE-2024-33406 HIGH
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via index Parameter
CVSS 7.3
CVE-2024-33405 HIGH
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via add_friends.php friend_index Parameter
CVSS 8.6
CVE-2024-33404 HIGH
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via index Parameter
CVSS 8.3
CVE-2024-33403 CRITICAL
campcodes Complete Web-Based School Management System 1.0 - SQL Injection via event_id Parameter
CVSS 9.8
CVE-2024-34472 MEDIUM
HSC Mailinspector <5.2.18 - Authenticated SQL Injection
CVSS 5.5
CVE-2024-4548 CRITICAL
DIAEnergie SQL Injection (CVE-2024-4548)
CVSS 9.8
CVE-2024-4547 CRITICAL
Delta Electronics DIAEnergie < 1.10.01.004 - Unauthenticated SQL Injection via RecalculateScript Message Fourth Field
CVSS 9.8
CVE-2024-31673 CRITICAL
Kliqqi-CMS 2.0.2 - SQL Injection via Userid Parameter
CVSS 9.8
CVE-2024-33787 HIGH
Hengan Weighing Management Information Query Platform - SQL Injection
CVSS 8.2
CVE-2024-4466 CRITICAL
Gescen - SQL Injection via Pass Parameter
CVSS 9.8
CVE-2024-34032 HIGH
Delta Electronics DIAEnergie - SQL Injection
CVSS 8.8
CVE-2024-34031 HIGH
Delta Electronics DIAEnergie - SQL Injection
CVSS 8.8
CVE-2024-4215 HIGH
pgAdmin4 < 8.6 - Multi-Factor Authentication Bypass
CVSS 7.4
CVE-2024-2876 CRITICAL
Wordpress Email Subscribers by Icegram Express - SQL Injection
CVSS 9.8
CVE-2024-2831 HIGH
WordPress Calendar plugin <1.3.14 - SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,718
Exploit Likelihood High