CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-22719 HIGH
Form Tools 3.1.1 - SQL Injection via Client Search Keyword
CVSS 8.1
CVE-2024-31678 CRITICAL
Sourcecodester Loan Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-3621 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 SQL Injection via register_case.php
CVSS 4.7
CVE-2024-3620 MEDIUM
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via /control/adds.php Parameter Manipulation
CVSS 4.7
CVE-2024-3619 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via addcase_stage.php cname Parameter
CVSS 4.7
CVE-2024-3618 MEDIUM
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via Activate Case ID Parameter
CVSS 4.7
CVE-2024-3617 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via deactivate_case.php id Parameter
CVSS 4.7
CVE-2024-31356 HIGH
Solwin Infotech User Activity Log <1.8 - SQL Injection
CVSS 7.6
CVE-2024-31355 HIGH
Tribulant Slideshow Gallery <1.7.8 - SQL Injection
CVSS 8.5
CVE-2024-3540 MEDIUM
Campcodes Church Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-3539 MEDIUM
Campcodes Church Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-3538 MEDIUM
Campcodes Church Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-3537 MEDIUM
Campcodes Church Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-3536 MEDIUM
Campcodes Church Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-3535 HIGH
Campcodes Church Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3534 HIGH
Campcodes Church Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3523 MEDIUM
Campcodes Online Event Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-3522 MEDIUM
Campcodes Online Event Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2871 MEDIUM
Media Library Assistant <= 3.13 - Authenticated SQL Injection via Shortcode Parameter
CVSS 6.4
CVE-2024-2804 CRITICAL
Network Summary plugin <2.0.11 - SQL Injection
CVSS 9.8
CVE-2024-2344 HIGH
Avada < 7.11.6 - Authenticated SQL Injection via Entry Parameter
CVSS 7.2
CVE-2024-2342 HIGH
Simply Schedule Appointments <= 1.6.7.7 - Authenticated SQL Injection via customer_id
CVSS 8.8
CVE-2024-2341 HIGH
Simply Schedule Appointments <= 1.6.7.7 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-2018 HIGH
WP Activity Log Premium <= 4.6.4 - Authenticated SQL Injection via entry->roles Parameter
CVSS 8.8
CVE-2024-1990 HIGH
RegistrationMagic - Custom Registration Forms <5.3.1.0 - SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,718
Exploit Likelihood High