CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-31212 MEDIUM
InstantCMS 2.16.2 - Authenticated SQL Injection via index_chart_data period Parameter
CVSS 6.7
CVE-2024-3316 MEDIUM
SourceCodester Computer Laboratory Management System 1.0 SQLi via /admin/category/view_category.php id
CVSS 6.3
CVE-2024-3315 MEDIUM
SourceCodester Computer Laboratory Management System 1.0 - SQL Injection via User ID Parameter
CVSS 6.3
CVE-2024-3314 MEDIUM
Computer Laboratory Management System 1.0 - SQL Injection in Users.php
CVSS 6.3
CVE-2024-29386 MEDIUM
projeqtor < 11.2.0 - SQL Injection via Critical Resource Export Component
CVSS 5.4
CVE-2024-31025 HIGH
ECshop 4.x - SQL Injection via article.php
CVSS 7.5
CVE-2024-3259 MEDIUM
SourceCodester Internship Portal Management System 1.0 - SQL Injection via activity_id Parameter
CVSS 6.3
CVE-2024-3258 MEDIUM
Internship Portal Management System 1.0 - SQL Injection via admin/add_activity.php Parameter Manipulation
CVSS 6.3
CVE-2024-3257 MEDIUM
Internship Portal Management System 1.0 - SQL Injection via admin/edit_activity_query.php Parameter Manipulation
CVSS 6.3
CVE-2024-3256 MEDIUM
Internship Portal Management System 1.0 - SQL Injection via admin/edit_activity.php activity_id Parameter
CVSS 6.3
CVE-2024-3255 MEDIUM
SourceCodester Internship Portal Management System 1.0 - SQL Injection via admin/edit_admin_query.php
CVSS 6.3
CVE-2024-3254 MEDIUM
SourceCodester Internship Portal Management System 1.0 - SQL Injection via admin_id Parameter
CVSS 6.3
CVE-2024-3253 MEDIUM
SourceCodester Internship Portal Management System 1.0 - SQL Injection via admin/add_admin.php
CVSS 6.3
CVE-2024-3252 MEDIUM
SourceCodester Internship Portal Management System 1.0 - SQL Injection via admin/check_admin.php
CVSS 6.3
CVE-2024-3251 MEDIUM
SourceCodester Computer Laboratory Management System 1.0 - SQL Injection via 'id' Parameter
CVSS 6.3
CVE-2024-30998 CRITICAL
Men Salon Management System 2.0 - SQL Injection via Email Parameter
CVSS 9.8
CVE-2024-31010 HIGH
SEMCMS 4.8 - SQL Injection via Banner.php ID Parameter
CVSS 7.5
CVE-2024-31009 MEDIUM
semcms 4.8 - SQL Injection via Banner.php lgid Parameter
CVSS 6.5
CVE-2024-2879 CRITICAL
WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection
CVSS 9.8
CVE-2024-3226 HIGH
Campcodes Online Patient Record Management System 1.0 - SQL Injection via Password Parameter
CVSS 7.3
CVE-2024-3225 MEDIUM
SourceCodester PHP Task Management System 1.0 - SQL Injection via edit-task.php task_id Parameter
CVSS 6.3
CVE-2024-3224 MEDIUM
SourceCodester PHP Task Management System 1.0 - SQL Injection via task_id Parameter
CVSS 6.3
CVE-2024-3223 MEDIUM
SourceCodester PHP Task Management System 1.0 - SQL Injection via admin_id Parameter in admin-manage-user.php
CVSS 6.3
CVE-2024-3222 MEDIUM
SourceCodester PHP Task Management System 1.0 - SQL Injection via admin_id Parameter
CVSS 6.3
CVE-2024-3221 MEDIUM
SourceCodester PHP Task Management System 1.0 - SQL Injection via user_id Parameter
CVSS 6.3
Details
Vulnerabilities 19,718
Exploit Likelihood High