CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-30974
HIGH
autoexpress 1.3.0 - SQL Injection via carId Parameter
CVSS 7.3
CVE-2024-31547
CRITICAL
Computer Laboratory Management System 1.0 - SQL Injection via id Parameter
CVSS 9.1
CVE-2024-31546
CRITICAL
Computer Laboratory Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2024-31750
CRITICAL
f-logic datacube3 <1.0 - Info Disclosure
CVSS 9.8
CVE-2024-30938
CRITICAL
SEMCMS 4.8 - SQL Injection via ID Parameter in SEMCMS_User.php
CVSS 9.8
CVE-2024-30928
HIGH
derbynet < 9.0 - SQL Injection via classids Parameter
CVSS 8.1
CVE-2024-30922
CRITICAL
derbynet < 9.0 - SQL Injection via Award Document Rendering Where Clause
CVSS 9.8
CVE-2024-32602
HIGH
WooCommerce Multilingual & Multicurrency <= 5.3.3.1 - SQL Injection
CVSS 7.6
CVE-2024-32551
HIGH
SP Project & Document Manager <4.71 - SQL Injection
CVSS 7.6
CVE-2024-29001
HIGH
SolarWinds Platform < 2024.1.1 - Authenticated SQL Injection via SWQL Interface
CVSS 7.5
CVE-2024-30990
CRITICAL
phpgurukul Client Management System 1.1 - SQL Injection via Invoices Page Search Parameter
CVSS 9.8
CVE-2024-30985
CRITICAL
phpgurukul Client Management System 1.1 - SQL Injection via B/W Dates Reports Page Parameters
CVSS 9.8
CVE-2024-30982
CRITICAL
phpgurukul Cyber Cafe Management System 1.0 - SQL Injection via upid Parameter
CVSS 9.8
CVE-2024-30983
HIGH
phpgurukul Cyber Cafe Management System 1.0 - SQL Injection via compname Parameter
CVSS 7.3
CVE-2024-30981
CRITICAL
phpgurukul Cyber Cafe Management System 1.0 - SQL Injection via editid in edit-computer-detail.php
CVSS 9.8
CVE-2024-30980
CRITICAL
phpgurukul Cyber Cafe Management System 1.0 - SQL Injection via Computer Location Parameter
CVSS 9.8
CVE-2024-3067
HIGH
WooCommerce Google Feed Manager <= 2.4.2 - Authenticated SQL Injection via 'id' Parameter
CVSS 7.2
CVE-2024-1601
CRITICAL
lollms-webui - SQL Injection via delete_discussion() Function
CVSS 9.8
CVE-2024-28558
HIGH
Petrol Pump Management Software 1.0 - SQL Injection via admin/app/web_crud.php
CVSS 8.8
CVE-2024-28557
CRITICAL
php_task_management_system 1.0 - SQL Injection via update-admin.php
CVSS 9.8
CVE-2024-28556
CRITICAL
php_task_management_system 1.0 - SQL Injection via admin-manage-user.php
CVSS 9.8
CVE-2024-3797
MEDIUM
SourceCodester QR Code Bookmark System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-32139
HIGH
Podlove Podcast Publisher <4.0.12 - SQL Injection
CVSS 8.5
CVE-2024-32137
HIGH
Solwin User Activity Log Pro <2.3.4 - SQL Injection
CVSS 8.5
CVE-2024-32136
HIGH
Xenioushk BWL Advanced FAQ Mgr <2.0.3 - SQL Injection
CVSS 7.6
Details
Vulnerabilities
19,718
Exploit Likelihood
High