CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-3423
MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/activateteach.php Selector Argument
CVSS 6.3
CVE-2024-3422
MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/activatestud.php Selector Parameter
CVSS 6.3
CVE-2024-3421
MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/deactivatestud.php Selector Argument
CVSS 6.3
CVE-2024-3420
MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/saveedit.php id Parameter
CVSS 6.3
CVE-2024-3419
MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/edit.php id Parameter
CVSS 6.3
CVE-2024-3418
MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/deactivateteach.php selector Parameter
CVSS 6.3
CVE-2024-3417
MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/saveeditt.php Contact Parameter
CVSS 6.3
CVE-2024-3416
MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/editt.php id Parameter
CVSS 6.3
CVE-2024-3413
HIGH
SourceCodester Human Resource Information System 1.0 - SQL Injection via hr_email/hr_password Parameter
CVSS 7.3
CVE-2024-3363
HIGH
SourceCodester Online Library System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3362
HIGH
SourceCodester Online Library System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3361
HIGH
SourceCodester Online Library System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3360
HIGH
SourceCodester Online Library System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3359
HIGH
SourceCodester Online Library System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3356
HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3355
HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3354
HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3353
HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3352
HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3351
HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3350
HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3349
HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3348
HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3347
HIGH
SourceCodester Airline Ticket Reservation System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3217
HIGH
WP Directory Kit <= 1.3.0 - Authenticated SQL Injection via attribute_value and attribute_id Parameters
CVSS 8.8
Details
Vulnerabilities
19,718
Exploit Likelihood
High