CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-32135 HIGH
WPZest Disable Comments <1.51 - SQL Injection
CVSS 7.6
CVE-2024-32134 HIGH
Nasirahmed Forms <1.1.12 - SQL Injection
CVSS 7.6
CVE-2024-32132 HIGH
Codeboxr Team CBX Bookmark & Favorite <1.7.20 - SQL Injection
CVSS 7.6
CVE-2024-32128 CRITICAL
Realtyna Organic IDX <4.14.4 - SQL Injection
CVSS 9.3
CVE-2024-32127 HIGH
Find Duplicates <1.4.6 - SQL Injection
CVSS 8.5
CVE-2024-32125 HIGH
Booking Algorithms <1.6.4 - SQL Injection
CVSS 8.5
CVE-2024-32098 HIGH
Page Visit Counter <8.0.6 - SQL Injection
CVSS 7.6
CVE-2024-32087 HIGH
WooCommerce for Google <3.5.7 - SQL Injection
CVSS 7.6
CVE-2024-3771 MEDIUM
PHPGurukul Student Record System 3.20 - SQL Injection via edit-subject.php sub1/sub2/sub3/sub4/udate Parameters
CVSS 6.3
CVE-2024-3770 MEDIUM
PHPGurukul Student Record System 3.20 - SQL Injection via manage-courses.php del Parameter
CVSS 6.3
CVE-2024-0399 HIGH
WooCommerce Customers Manager < 29.7 - Authenticated SQL Injection
CVSS 8.1
CVE-2024-3769 HIGH
PHPGurukul Student Record System 3.20 - SQL Injection via Login Page
CVSS 7.3
CVE-2024-3768 MEDIUM
PHPGurukul News Portal 4.1 - SQL Injection via searchtitle Parameter
CVSS 6.3
CVE-2024-3767 MEDIUM
PHPGurukul News Portal 4.1 - SQL Injection via Post Title or Category Parameter
CVSS 6.3
CVE-2024-3720 MEDIUM
Tianwell Fire Intelligent Command Platform 1.1.1.1 - SQL Injection
CVSS 6.3
CVE-2024-3719 MEDIUM
Campcodes House Rental Management System 1.0 - SQL Injection via ajax.php id Parameter
CVSS 6.3
CVE-2024-3698 MEDIUM
Campcodes House Rental Management System 1.0 - SQL Injection via manage_payment.php id Parameter
CVSS 6.3
CVE-2024-3697 MEDIUM
Campcodes House Rental Management System 1.0 - SQL Injection via manage_tenant.php id Parameter
CVSS 6.3
CVE-2024-3696 MEDIUM
Campcodes House Rental Management System 1.0 - SQL Injection via view_payment.php id Parameter
CVSS 6.3
CVE-2024-3691 HIGH
PHPGurukul Small CRM 3.0 - SQL Injection via Registration Page
CVSS 7.3
CVE-2024-3690 MEDIUM
PHPGurukul Small CRM 3.0 - SQL Injection in Change Password Handler
CVSS 6.3
CVE-2024-3704 CRITICAL
OpenGnsys 1.1.1d - SQL Injection via Login Page
CVSS 9.8
CVE-2024-3688 MEDIUM
Xiamen Four-Faith RMP Router Management Platform 5.2.2 - SQL Injection
CVSS 6.3
CVE-2024-3685 MEDIUM
DedeCMS 5.7.112-UTF8 - SQL Injection via stepselect_main.php ids Parameter
CVSS 6.3
CVE-2024-3211 HIGH
Shopping Cart & eCommerce Store <5.6.3 - SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,718
Exploit Likelihood High