CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-32135
HIGH
WPZest Disable Comments <1.51 - SQL Injection
CVSS 7.6
CVE-2024-32134
HIGH
Nasirahmed Forms <1.1.12 - SQL Injection
CVSS 7.6
CVE-2024-32132
HIGH
Codeboxr Team CBX Bookmark & Favorite <1.7.20 - SQL Injection
CVSS 7.6
CVE-2024-32128
CRITICAL
Realtyna Organic IDX <4.14.4 - SQL Injection
CVSS 9.3
CVE-2024-32127
HIGH
Find Duplicates <1.4.6 - SQL Injection
CVSS 8.5
CVE-2024-32125
HIGH
Booking Algorithms <1.6.4 - SQL Injection
CVSS 8.5
CVE-2024-32098
HIGH
Page Visit Counter <8.0.6 - SQL Injection
CVSS 7.6
CVE-2024-32087
HIGH
WooCommerce for Google <3.5.7 - SQL Injection
CVSS 7.6
CVE-2024-3771
MEDIUM
PHPGurukul Student Record System 3.20 - SQL Injection via edit-subject.php sub1/sub2/sub3/sub4/udate Parameters
CVSS 6.3
CVE-2024-3770
MEDIUM
PHPGurukul Student Record System 3.20 - SQL Injection via manage-courses.php del Parameter
CVSS 6.3
CVE-2024-0399
HIGH
WooCommerce Customers Manager < 29.7 - Authenticated SQL Injection
CVSS 8.1
CVE-2024-3769
HIGH
PHPGurukul Student Record System 3.20 - SQL Injection via Login Page
CVSS 7.3
CVE-2024-3768
MEDIUM
PHPGurukul News Portal 4.1 - SQL Injection via searchtitle Parameter
CVSS 6.3
CVE-2024-3767
MEDIUM
PHPGurukul News Portal 4.1 - SQL Injection via Post Title or Category Parameter
CVSS 6.3
CVE-2024-3720
MEDIUM
Tianwell Fire Intelligent Command Platform 1.1.1.1 - SQL Injection
CVSS 6.3
CVE-2024-3719
MEDIUM
Campcodes House Rental Management System 1.0 - SQL Injection via ajax.php id Parameter
CVSS 6.3
CVE-2024-3698
MEDIUM
Campcodes House Rental Management System 1.0 - SQL Injection via manage_payment.php id Parameter
CVSS 6.3
CVE-2024-3697
MEDIUM
Campcodes House Rental Management System 1.0 - SQL Injection via manage_tenant.php id Parameter
CVSS 6.3
CVE-2024-3696
MEDIUM
Campcodes House Rental Management System 1.0 - SQL Injection via view_payment.php id Parameter
CVSS 6.3
CVE-2024-3691
HIGH
PHPGurukul Small CRM 3.0 - SQL Injection via Registration Page
CVSS 7.3
CVE-2024-3690
MEDIUM
PHPGurukul Small CRM 3.0 - SQL Injection in Change Password Handler
CVSS 6.3
CVE-2024-3704
CRITICAL
OpenGnsys 1.1.1d - SQL Injection via Login Page
CVSS 9.8
CVE-2024-3688
MEDIUM
Xiamen Four-Faith RMP Router Management Platform 5.2.2 - SQL Injection
CVSS 6.3
CVE-2024-3685
MEDIUM
DedeCMS 5.7.112-UTF8 - SQL Injection via stepselect_main.php ids Parameter
CVSS 6.3
CVE-2024-3211
HIGH
Shopping Cart & eCommerce Store <5.6.3 - SQL Injection
CVSS 8.8
Details
Vulnerabilities
19,718
Exploit Likelihood
High