CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-2661 HIGH
Barcode Scanner & Inventory manager POS - Blind SQL Injection
CVSS 8.8
CVE-2024-1797 HIGH
WP ULike < 4.6.9 - Authenticated SQL Injection via wp_ulike_counter and wp_ulike Shortcode Attributes
CVSS 8.8
CVE-2024-1173 HIGH
WP ERP < 1.13.2 - Authenticated Time-Based SQL Injection via ID Parameter
CVSS 7.2
CVE-2024-33911 HIGH
Weblizar School Management Pro <= 10.3.4 - SQL Injection
CVSS 7.6
CVE-2024-33292 HIGH
Realisation MGSD <1.0 - SQL Injection
CVSS 8.2
CVE-2024-32212 HIGH
LOGINT LoMag Inventory Management <1.0.20.120 - SQL Injection
CVSS 8.1
CVE-2024-33332 HIGH
SpringBlade 3.7.1 - SQL Injection via Tenant API
CVSS 7.5
CVE-2024-29320 HIGH
wallos < 1.15.3 - SQL Injection via Category and Payment Parameters
CVSS 8.1
CVE-2024-33275 CRITICAL
Webbax supernewsletter <1.4.21 - Privilege Escalation
CVSS 9.8
CVE-2024-33273 CRITICAL
shipup <3.3.0 - Privilege Escalation
CVSS 9.8
CVE-2024-33267 CRITICAL
Hero hfheropayment <1.2.5 - SQL Injection
CVSS 9.8
CVE-2024-28294 MEDIUM
limbas < 5.2.14 - SQL Injection via ftid Parameter
CVSS 6.5
CVE-2024-33276 CRITICAL
FME Modules preorderandnotication <3.1.0 - SQL Injection
CVSS 9.8
CVE-2024-33272 MEDIUM
KnowBand for PrestaShop <2.0.0 - SQL Injection
CVSS 6.8
CVE-2024-33269 CRITICAL
Prestaddons flashsales <1.9.7 - SQL Injection
CVSS 9.8
CVE-2024-33268 CRITICAL
Digincube mdgiftproduct <1.4.1 - SQL Injection
CVSS 9.8
CVE-2024-33266 CRITICAL
Helloshop deliveryorderautoupdate <2.8.1 - SQL Injection
CVSS 9.8
CVE-2024-31821 HIGH
Ecommerce-CodeIgniter-Bootstrap <d22b54e - SQL Injection
CVSS 8.0
CVE-2024-31820 CRITICAL
ecommerce-codeigniter-bootstrap < 2024-01-02 - Remote Code Execution via getLangFolderForEdit Method
CVSS 9.8
CVE-2024-33444 CRITICAL
onethink 1.1 - SQL Injection via ModelModel.class.php
CVSS 9.8
CVE-2024-32493 HIGH
Znuny <6.5.7, <7.0.16 - SQL Injection
CVSS 8.8
CVE-2024-4309 HIGH
HubBank 1.0.2 - SQL Injection via id Parameter in Transaction Endpoints
CVSS 8.1
CVE-2024-4308 HIGH
HubBank 1.0.2 - SQL Injection via id Parameter in Multiple Admin Endpoints
CVSS 8.1
CVE-2024-4307 HIGH
HubBank 1.0.2 - SQL Injection via id Parameter in Multiple Endpoints
CVSS 8.1
CVE-2024-33546 CRITICAL
AA-Team WZone < 14.0.10 - SQL Injection
CVSS 9.6
Details
Vulnerabilities 19,718
Exploit Likelihood High