CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-33544
CRITICAL
AA-Team WZone <14.0.10 - SQL Injection
CVSS 9.3
CVE-2024-33559
CRITICAL
8theme XStore <9.3.5 - SQL Injection
CVSS 9.3
CVE-2024-33551
CRITICAL
8theme XStore Core <= 5.3.5 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-4257
MEDIUM
BlueNet Technology Clinical Browsing System 1.2.1 - SQL Injection
CVSS 6.3
CVE-2024-3342
CRITICAL
MotoPress plugin <2.4.11 - SQL Injection
CVSS 9.9
CVE-2024-28322
CRITICAL
PuneethReddyHC Event Management 1.0 - SQL Injection via event_id Parameter
CVSS 9.8
CVE-2024-3060
MEDIUM
ENL Newsletter < 1.0.1 - Authenticated SQL Injection
CVSS 4.5
CVE-2024-3265
MEDIUM
Advanced Search WordPress Plugin < 1.1.6 - Authenticated SQL Injection in Multisite Configuration
CVSS 4.7
CVE-2024-33247
HIGH
Sourcecodester Employee Task Management System 1.0 - SQL Injection via admin-manage-user.php
CVSS 8.8
CVE-2024-32872
MEDIUM
Umbraco.Workflow < 10.3.9, < 12.2.6, < 13.0.6 - Authenticated SQL Injection via API Endpoint
CVSS 5.5
CVE-2024-32706
HIGH
ARForms <= 6.4 - SQL Injection
CVSS 8.5
CVE-2024-32710
HIGH
Plechev Andrey WP-Recall <17.0 - SQL Injection
CVSS 8.5
CVE-2024-32709
CRITICAL
Plechev Andrey WP-Recall <16.26.5 - SQL Injection
CVSS 9.3
CVE-2024-28613
CRITICAL
PHP Task Management System 1.0 - SQL Injection via task_id Parameter
CVSS 9.8
CVE-2024-4093
MEDIUM
SourceCodester Simple Subscription Website 1.0 - SQL Injection
CVSS 6.3
CVE-2024-4071
MEDIUM
Kashipara Online Furniture Shopping Ecommerce Website 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4070
MEDIUM
Kashipara Online Furniture Shopping Ecommerce Website 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-4069
MEDIUM
Kashipara Online Furniture Shopping Ecommerce Website 1.0 - SQL Inj...
CVSS 6.3
CVE-2024-31077
HIGH
Forminator < 1.29.3 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-3293
HIGH
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated Blind SQL Injection
CVSS 8.8
CVE-2024-32480
HIGH
LibreNMS < 24.4.0 - SQL Injection via Order Parameter
CVSS 7.2
CVE-2024-32461
HIGH
LibreNMS < 24.4.0 - Authenticated SQL Injection via Search Package Parameter
CVSS 7.1
CVE-2024-27574
CRITICAL
Trainme Academy Ichin <1.3.2 - Info Disclosure
CVSS 9.1
CVE-2024-31545
CRITICAL
Computer Laboratory Management System 1.0 - SQL Injection via id Parameter
CVSS 9.4
CVE-2024-22856
MEDIUM
Axe Credit Portal >= v.3.0 - SQL Injection
CVSS 5.4
Details
Vulnerabilities
19,718
Exploit Likelihood
High