CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-3423 MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/activateteach.php Selector Argument
CVSS 6.3
CVE-2024-3422 MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/activatestud.php Selector Parameter
CVSS 6.3
CVE-2024-3421 MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/deactivatestud.php Selector Argument
CVSS 6.3
CVE-2024-3420 MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/saveedit.php id Parameter
CVSS 6.3
CVE-2024-3419 MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/edit.php id Parameter
CVSS 6.3
CVE-2024-3418 MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/deactivateteach.php selector Parameter
CVSS 6.3
CVE-2024-3417 MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/saveeditt.php Contact Parameter
CVSS 6.3
CVE-2024-3416 MEDIUM
SourceCodester Online Courseware 1.0 - SQL Injection via admin/editt.php id Parameter
CVSS 6.3
CVE-2024-3413 HIGH
SourceCodester Human Resource Information System 1.0 - SQL Injection via hr_email/hr_password Parameter
CVSS 7.3
CVE-2024-3363 HIGH
SourceCodester Online Library System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3362 HIGH
SourceCodester Online Library System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3361 HIGH
SourceCodester Online Library System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3360 HIGH
SourceCodester Online Library System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3359 HIGH
SourceCodester Online Library System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3356 HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3355 HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3354 HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3353 HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3352 HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3351 HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3350 HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3349 HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3348 HIGH
SourceCodester Aplaya Beach Resort Online Reservation System 1.0 - ...
CVSS 7.3
CVE-2024-3347 HIGH
SourceCodester Airline Ticket Reservation System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-3217 HIGH
WP Directory Kit <= 1.3.0 - Authenticated SQL Injection via attribute_value and attribute_id Parameters
CVSS 8.8
Details
Vulnerabilities 19,718
Exploit Likelihood High