CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-1893
HIGH
Easy Property Listings <= 3.5.2 - Authenticated Time-Based SQL Injection via property_status Shortcode Attribute
CVSS 8.8
CVE-2024-0952
HIGH
WP ERP < 1.13.0 - Authenticated Time-Based SQL Injection via ID Parameter
CVSS 7.2
CVE-2024-31507
HIGH
Online Graduate Tracer System 1.0 - SQL Injection via Request Parameter
CVSS 8.6
CVE-2024-31506
HIGH
Online Graduate Tracer System 1.0 - SQL Injection via id Parameter
CVSS 7.5
CVE-2024-31370
HIGH
CodeIsAwesome AIKit <4.14.1 - SQL Injection
CVSS 8.5
CVE-2024-3466
MEDIUM
SourceCodester Laundry Management System 1.0 - SQL Injection via Pengeluaran Controller laporan_filter Function
CVSS 5.5
CVE-2024-3465
MEDIUM
Laundry Shop Management System 1.0 - SQL Injection via Transaki Controller laporan_filter Function
CVSS 6.3
CVE-2024-3464
MEDIUM
Laundry Shop Management System 1.0 - SQL Injection via jeniskelamin Parameter in Pelanggan.php
CVSS 6.3
CVE-2024-3458
MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via TunnelId Parameter
CVSS 6.3
CVE-2024-3457
MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via GroupId Parameter
CVSS 6.3
CVE-2024-3456
MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via GroupId Parameter
CVSS 6.3
CVE-2024-3455
MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via SingleLoginId Parameter
CVSS 6.3
CVE-2024-3445
MEDIUM
SourceCodester Laundry Management System 1.0 - SQL Injection via /karyawan/laporan_filter data_karyawan Parameter
CVSS 6.3
CVE-2024-3442
MEDIUM
Prison Management System 1.0 - SQL Injection via /Employee/delete_leave.php
CVSS 6.3
CVE-2024-3441
MEDIUM
Prison Management System 1.0 - SQL Injection via /Employee/edit-profile.php
CVSS 6.3
CVE-2024-3440
MEDIUM
Prison Management System 1.0 - SQL Injection via Admin/edit_profile.php
CVSS 4.7
CVE-2024-3439
HIGH
SourceCodester Prison Management System 1.0 - SQL Injection via Account Login
CVSS 7.3
CVE-2024-3438
HIGH
Prison Management System 1.0 - SQL Injection via Admin Login Page
CVSS 7.3
CVE-2024-3432
MEDIUM
PuneethReddyHC Event Management 1.0 - SQL Injection via Register Endpoint Parameters
CVSS 5.5
CVE-2024-31260
HIGH
Edwiser Bridge <= 3.0.2 - SQL Injection
CVSS 7.6
CVE-2024-31241
HIGH
ThimPress LearnPress <4.0.3 - SQL Injection
CVSS 7.6
CVE-2024-31234
HIGH
Sizam REHub Framework <19.6.2 - SQL Injection
CVSS 8.5
CVE-2024-31233
HIGH
Sizam Rehub <19.6.1 - SQL Injection
CVSS 8.5
CVE-2024-3425
MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/activateall.php Selector Parameter
CVSS 6.3
CVE-2024-3424
MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/listscore.php title Parameter
CVSS 6.3
Details
Vulnerabilities
19,718
Exploit Likelihood
High