CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-2661
HIGH
Barcode Scanner & Inventory manager POS - Blind SQL Injection
CVSS 8.8
CVE-2024-1797
HIGH
WP ULike < 4.6.9 - Authenticated SQL Injection via wp_ulike_counter and wp_ulike Shortcode Attributes
CVSS 8.8
CVE-2024-1173
HIGH
WP ERP < 1.13.2 - Authenticated Time-Based SQL Injection via ID Parameter
CVSS 7.2
CVE-2024-33911
HIGH
Weblizar School Management Pro <= 10.3.4 - SQL Injection
CVSS 7.6
CVE-2024-33292
HIGH
Realisation MGSD <1.0 - SQL Injection
CVSS 8.2
CVE-2024-32212
HIGH
LOGINT LoMag Inventory Management <1.0.20.120 - SQL Injection
CVSS 8.1
CVE-2024-33332
HIGH
SpringBlade 3.7.1 - SQL Injection via Tenant API
CVSS 7.5
CVE-2024-29320
HIGH
wallos < 1.15.3 - SQL Injection via Category and Payment Parameters
CVSS 8.1
CVE-2024-33275
CRITICAL
Webbax supernewsletter <1.4.21 - Privilege Escalation
CVSS 9.8
CVE-2024-33273
CRITICAL
shipup <3.3.0 - Privilege Escalation
CVSS 9.8
CVE-2024-33267
CRITICAL
Hero hfheropayment <1.2.5 - SQL Injection
CVSS 9.8
CVE-2024-28294
MEDIUM
limbas < 5.2.14 - SQL Injection via ftid Parameter
CVSS 6.5
CVE-2024-33276
CRITICAL
FME Modules preorderandnotication <3.1.0 - SQL Injection
CVSS 9.8
CVE-2024-33272
MEDIUM
KnowBand for PrestaShop <2.0.0 - SQL Injection
CVSS 6.8
CVE-2024-33269
CRITICAL
Prestaddons flashsales <1.9.7 - SQL Injection
CVSS 9.8
CVE-2024-33268
CRITICAL
Digincube mdgiftproduct <1.4.1 - SQL Injection
CVSS 9.8
CVE-2024-33266
CRITICAL
Helloshop deliveryorderautoupdate <2.8.1 - SQL Injection
CVSS 9.8
CVE-2024-31821
HIGH
Ecommerce-CodeIgniter-Bootstrap <d22b54e - SQL Injection
CVSS 8.0
CVE-2024-31820
CRITICAL
ecommerce-codeigniter-bootstrap < 2024-01-02 - Remote Code Execution via getLangFolderForEdit Method
CVSS 9.8
CVE-2024-33444
CRITICAL
onethink 1.1 - SQL Injection via ModelModel.class.php
CVSS 9.8
CVE-2024-32493
HIGH
Znuny <6.5.7, <7.0.16 - SQL Injection
CVSS 8.8
CVE-2024-4309
HIGH
HubBank 1.0.2 - SQL Injection via id Parameter in Transaction Endpoints
CVSS 8.1
CVE-2024-4308
HIGH
HubBank 1.0.2 - SQL Injection via id Parameter in Multiple Admin Endpoints
CVSS 8.1
CVE-2024-4307
HIGH
HubBank 1.0.2 - SQL Injection via id Parameter in Multiple Endpoints
CVSS 8.1
CVE-2024-33546
CRITICAL
AA-Team WZone < 14.0.10 - SQL Injection
CVSS 9.6
Details
Vulnerabilities
19,718
Exploit Likelihood
High