CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-1893 HIGH
Easy Property Listings <= 3.5.2 - Authenticated Time-Based SQL Injection via property_status Shortcode Attribute
CVSS 8.8
CVE-2024-0952 HIGH
WP ERP < 1.13.0 - Authenticated Time-Based SQL Injection via ID Parameter
CVSS 7.2
CVE-2024-31507 HIGH
Online Graduate Tracer System 1.0 - SQL Injection via Request Parameter
CVSS 8.6
CVE-2024-31506 HIGH
Online Graduate Tracer System 1.0 - SQL Injection via id Parameter
CVSS 7.5
CVE-2024-31370 HIGH
CodeIsAwesome AIKit <4.14.1 - SQL Injection
CVSS 8.5
CVE-2024-3466 MEDIUM
SourceCodester Laundry Management System 1.0 - SQL Injection via Pengeluaran Controller laporan_filter Function
CVSS 5.5
CVE-2024-3465 MEDIUM
Laundry Shop Management System 1.0 - SQL Injection via Transaki Controller laporan_filter Function
CVSS 6.3
CVE-2024-3464 MEDIUM
Laundry Shop Management System 1.0 - SQL Injection via jeniskelamin Parameter in Pelanggan.php
CVSS 6.3
CVE-2024-3458 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via TunnelId Parameter
CVSS 6.3
CVE-2024-3457 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via GroupId Parameter
CVSS 6.3
CVE-2024-3456 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via GroupId Parameter
CVSS 6.3
CVE-2024-3455 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via SingleLoginId Parameter
CVSS 6.3
CVE-2024-3445 MEDIUM
SourceCodester Laundry Management System 1.0 - SQL Injection via /karyawan/laporan_filter data_karyawan Parameter
CVSS 6.3
CVE-2024-3442 MEDIUM
Prison Management System 1.0 - SQL Injection via /Employee/delete_leave.php
CVSS 6.3
CVE-2024-3441 MEDIUM
Prison Management System 1.0 - SQL Injection via /Employee/edit-profile.php
CVSS 6.3
CVE-2024-3440 MEDIUM
Prison Management System 1.0 - SQL Injection via Admin/edit_profile.php
CVSS 4.7
CVE-2024-3439 HIGH
SourceCodester Prison Management System 1.0 - SQL Injection via Account Login
CVSS 7.3
CVE-2024-3438 HIGH
Prison Management System 1.0 - SQL Injection via Admin Login Page
CVSS 7.3
CVE-2024-3432 MEDIUM
PuneethReddyHC Event Management 1.0 - SQL Injection via Register Endpoint Parameters
CVSS 5.5
CVE-2024-31260 HIGH
Edwiser Bridge <= 3.0.2 - SQL Injection
CVSS 7.6
CVE-2024-31241 HIGH
ThimPress LearnPress <4.0.3 - SQL Injection
CVSS 7.6
CVE-2024-31234 HIGH
Sizam REHub Framework <19.6.2 - SQL Injection
CVSS 8.5
CVE-2024-31233 HIGH
Sizam Rehub <19.6.1 - SQL Injection
CVSS 8.5
CVE-2024-3425 MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/activateall.php Selector Parameter
CVSS 6.3
CVE-2024-3424 MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/listscore.php title Parameter
CVSS 6.3
Details
Vulnerabilities 19,718
Exploit Likelihood High