CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-29432
CRITICAL
Alldata v0.4.6 - SQL Injection via tablename Parameter
CVSS 9.8
CVE-2024-3148
MEDIUM
dedecms 5.7.112 - SQL Injection in makehtml_archives_action.php
CVSS 6.3
CVE-2024-23119
HIGH
Centreon < 22.04.19 & 22.10.x < 22.10.15 - SQLi & RCE via insertGraphTemplate
CVSS 8.8
CVE-2024-23118
HIGH
Centreon < 22.04.19 and 22.10.x < 22.10.15 - Authenticated SQL Injection via updateContactHostCommands
CVSS 7.2
CVE-2024-23117
HIGH
Centreon Web < 22.04.19 & Centreon < 22.10.15 - SQLi & RCE via updateContactServiceCommands
CVSS 7.2
CVE-2024-23116
HIGH
Centreon < 22.04.19 and 22.10.x < 22.10.15 - Authenticated SQL Injection via updateLCARelation
CVSS 7.2
CVE-2024-23115
HIGH
Centreon < 22.04.19 and Centreon Web < 22.10.15 - Authenticated SQL Injection via updateGroups Function
CVSS 7.2
CVE-2024-1863
CRITICAL
Sante PACS Server < 3.3.6 - Unauthenticated SQL Injection and Remote Code Execution via Token Parameter
CVSS 9.8
CVE-2024-0637
HIGH
Centreon <=22.10.15 - Authenticated Code Execution via updateDirectory SQL Injection
CVSS 8.8
CVE-2024-3131
MEDIUM
Computer Laboratory Management System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2024-30867
CRITICAL
netentsec NS-ASG 6.3 - SQL Injection via edit_virtual_site_info.php
CVSS 9.8
CVE-2024-30863
MEDIUM
netentsec NS-ASG 6.3 - SQL Injection via /WebPages/history.php
CVSS 6.3
CVE-2024-30862
HIGH
netentsec NS-ASG 6.3 - SQL Injection via /3g/index.php
CVSS 8.8
CVE-2024-30861
MEDIUM
netentsec NS-ASG 6.3 - SQL Injection via IPsec Guide Configuration
CVSS 5.3
CVE-2024-30860
HIGH
netentsec NS-ASG 6.3 - SQL Injection via export_excel_user.php
CVSS 8.8
CVE-2024-30859
HIGH
netentsec NS-ASG 6.3 - SQL Injection via /admin/config_ISCGroupSSLCert.php
CVSS 8.8
CVE-2024-25574
HIGH
GetDIAE_usListParameters - SQL Injection
CVSS 8.8
CVE-2024-30866
MEDIUM
netentsec NS-ASG 6.3 - SQL Injection via /3g/menu.php
CVSS 5.4
CVE-2024-30865
CRITICAL
netentsec NS-ASG 6.3 - SQL Injection via edit_user_login.php
CVSS 9.8
CVE-2024-30864
MEDIUM
netentsec NS-ASG 6.3 - SQL Injection via config_ISCGroupTimePolicy.php
CVSS 6.3
CVE-2024-30872
MEDIUM
netentsec NS-ASG 6.3 - SQL Injection via authrp.php
CVSS 5.1
CVE-2024-30871
HIGH
netentsec NS-ASG 6.3 - SQL Injection via applyhardware.php
CVSS 8.8
CVE-2024-30870
HIGH
netentsec NS-ASG 6.3 - SQL Injection via /admin/address_interpret.php
CVSS 8.8
CVE-2024-31116
HIGH
10Web Map Builder for Google Maps < 1.0.74 - SQL Injection
CVSS 7.6
CVE-2024-30535
HIGH
WhiteStudio Easy Form Builder <3.7.4 - SQL Injection
CVSS 8.5
Details
Vulnerabilities
19,718
Exploit Likelihood
High