CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-33544 CRITICAL
AA-Team WZone <14.0.10 - SQL Injection
CVSS 9.3
CVE-2024-33559 CRITICAL
8theme XStore <9.3.5 - SQL Injection
CVSS 9.3
CVE-2024-33551 CRITICAL
8theme XStore Core <= 5.3.5 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-4257 MEDIUM
BlueNet Technology Clinical Browsing System 1.2.1 - SQL Injection
CVSS 6.3
CVE-2024-3342 CRITICAL
MotoPress plugin <2.4.11 - SQL Injection
CVSS 9.9
CVE-2024-28322 CRITICAL
PuneethReddyHC Event Management 1.0 - SQL Injection via event_id Parameter
CVSS 9.8
CVE-2024-3060 MEDIUM
ENL Newsletter < 1.0.1 - Authenticated SQL Injection
CVSS 4.5
CVE-2024-3265 MEDIUM
Advanced Search WordPress Plugin < 1.1.6 - Authenticated SQL Injection in Multisite Configuration
CVSS 4.7
CVE-2024-33247 HIGH
Sourcecodester Employee Task Management System 1.0 - SQL Injection via admin-manage-user.php
CVSS 8.8
CVE-2024-32872 MEDIUM
Umbraco.Workflow < 10.3.9, < 12.2.6, < 13.0.6 - Authenticated SQL Injection via API Endpoint
CVSS 5.5
CVE-2024-32706 HIGH
ARForms <= 6.4 - SQL Injection
CVSS 8.5
CVE-2024-32710 HIGH
Plechev Andrey WP-Recall <17.0 - SQL Injection
CVSS 8.5
CVE-2024-32709 CRITICAL
Plechev Andrey WP-Recall <16.26.5 - SQL Injection
CVSS 9.3
CVE-2024-28613 CRITICAL
PHP Task Management System 1.0 - SQL Injection via task_id Parameter
CVSS 9.8
CVE-2024-4093 MEDIUM
SourceCodester Simple Subscription Website 1.0 - SQL Injection
CVSS 6.3
CVE-2024-4071 MEDIUM
Kashipara Online Furniture Shopping Ecommerce Website 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4070 MEDIUM
Kashipara Online Furniture Shopping Ecommerce Website 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4069 MEDIUM
Kashipara Online Furniture Shopping Ecommerce Website 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-31077 HIGH
Forminator < 1.29.3 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-3293 HIGH
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated Blind SQL Injection
CVSS 8.8
CVE-2024-32480 HIGH
LibreNMS < 24.4.0 - SQL Injection via Order Parameter
CVSS 7.2
CVE-2024-32461 HIGH
LibreNMS < 24.4.0 - Authenticated SQL Injection via Search Package Parameter
CVSS 7.1
CVE-2024-27574 CRITICAL
Trainme Academy Ichin <1.3.2 - Info Disclosure
CVSS 9.1
CVE-2024-31545 CRITICAL
Computer Laboratory Management System 1.0 - SQL Injection via id Parameter
CVSS 9.4
CVE-2024-22856 MEDIUM
Axe Credit Portal >= v.3.0 - SQL Injection
CVSS 5.4
Details
Vulnerabilities 19,718
Exploit Likelihood High