CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-22719
HIGH
Form Tools 3.1.1 - SQL Injection via Client Search Keyword
CVSS 8.1
CVE-2024-31678
CRITICAL
Sourcecodester Loan Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-3621
MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 SQL Injection via register_case.php
CVSS 4.7
CVE-2024-3620
MEDIUM
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via /control/adds.php Parameter Manipulation
CVSS 4.7
CVE-2024-3619
MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via addcase_stage.php cname Parameter
CVSS 4.7
CVE-2024-3618
MEDIUM
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via Activate Case ID Parameter
CVSS 4.7
CVE-2024-3617
MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via deactivate_case.php id Parameter
CVSS 4.7
CVE-2024-31356
HIGH
Solwin Infotech User Activity Log <1.8 - SQL Injection
CVSS 7.6
CVE-2024-31355
HIGH
Tribulant Slideshow Gallery <1.7.8 - SQL Injection
CVSS 8.5
CVE-2024-3540
MEDIUM
Campcodes Church Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-3539
MEDIUM
Campcodes Church Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-3538
MEDIUM
Campcodes Church Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-3537
MEDIUM
Campcodes Church Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-3536
MEDIUM
Campcodes Church Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-3535
HIGH
Campcodes Church Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3534
HIGH
Campcodes Church Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3523
MEDIUM
Campcodes Online Event Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-3522
MEDIUM
Campcodes Online Event Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2871
MEDIUM
Media Library Assistant <= 3.13 - Authenticated SQL Injection via Shortcode Parameter
CVSS 6.4
CVE-2024-2804
CRITICAL
Network Summary plugin <2.0.11 - SQL Injection
CVSS 9.8
CVE-2024-2344
HIGH
Avada < 7.11.6 - Authenticated SQL Injection via Entry Parameter
CVSS 7.2
CVE-2024-2342
HIGH
Simply Schedule Appointments <= 1.6.7.7 - Authenticated SQL Injection via customer_id
CVSS 8.8
CVE-2024-2341
HIGH
Simply Schedule Appointments <= 1.6.7.7 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-2018
HIGH
WP Activity Log Premium <= 4.6.4 - Authenticated SQL Injection via entry->roles Parameter
CVSS 8.8
CVE-2024-1990
HIGH
RegistrationMagic - Custom Registration Forms <5.3.1.0 - SQL Injection
CVSS 8.8
Details
Vulnerabilities
19,718
Exploit Likelihood
High