CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-29432 CRITICAL
Alldata v0.4.6 - SQL Injection via tablename Parameter
CVSS 9.8
CVE-2024-3148 MEDIUM
dedecms 5.7.112 - SQL Injection in makehtml_archives_action.php
CVSS 6.3
CVE-2024-23119 HIGH
Centreon < 22.04.19 & 22.10.x < 22.10.15 - SQLi & RCE via insertGraphTemplate
CVSS 8.8
CVE-2024-23118 HIGH
Centreon < 22.04.19 and 22.10.x < 22.10.15 - Authenticated SQL Injection via updateContactHostCommands
CVSS 7.2
CVE-2024-23117 HIGH
Centreon Web < 22.04.19 & Centreon < 22.10.15 - SQLi & RCE via updateContactServiceCommands
CVSS 7.2
CVE-2024-23116 HIGH
Centreon < 22.04.19 and 22.10.x < 22.10.15 - Authenticated SQL Injection via updateLCARelation
CVSS 7.2
CVE-2024-23115 HIGH
Centreon < 22.04.19 and Centreon Web < 22.10.15 - Authenticated SQL Injection via updateGroups Function
CVSS 7.2
CVE-2024-1863 CRITICAL
Sante PACS Server < 3.3.6 - Unauthenticated SQL Injection and Remote Code Execution via Token Parameter
CVSS 9.8
CVE-2024-0637 HIGH
Centreon <=22.10.15 - Authenticated Code Execution via updateDirectory SQL Injection
CVSS 8.8
CVE-2024-3131 MEDIUM
Computer Laboratory Management System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2024-30867 CRITICAL
netentsec NS-ASG 6.3 - SQL Injection via edit_virtual_site_info.php
CVSS 9.8
CVE-2024-30863 MEDIUM
netentsec NS-ASG 6.3 - SQL Injection via /WebPages/history.php
CVSS 6.3
CVE-2024-30862 HIGH
netentsec NS-ASG 6.3 - SQL Injection via /3g/index.php
CVSS 8.8
CVE-2024-30861 MEDIUM
netentsec NS-ASG 6.3 - SQL Injection via IPsec Guide Configuration
CVSS 5.3
CVE-2024-30860 HIGH
netentsec NS-ASG 6.3 - SQL Injection via export_excel_user.php
CVSS 8.8
CVE-2024-30859 HIGH
netentsec NS-ASG 6.3 - SQL Injection via /admin/config_ISCGroupSSLCert.php
CVSS 8.8
CVE-2024-25574 HIGH
GetDIAE_usListParameters - SQL Injection
CVSS 8.8
CVE-2024-30866 MEDIUM
netentsec NS-ASG 6.3 - SQL Injection via /3g/menu.php
CVSS 5.4
CVE-2024-30865 CRITICAL
netentsec NS-ASG 6.3 - SQL Injection via edit_user_login.php
CVSS 9.8
CVE-2024-30864 MEDIUM
netentsec NS-ASG 6.3 - SQL Injection via config_ISCGroupTimePolicy.php
CVSS 6.3
CVE-2024-30872 MEDIUM
netentsec NS-ASG 6.3 - SQL Injection via authrp.php
CVSS 5.1
CVE-2024-30871 HIGH
netentsec NS-ASG 6.3 - SQL Injection via applyhardware.php
CVSS 8.8
CVE-2024-30870 HIGH
netentsec NS-ASG 6.3 - SQL Injection via /admin/address_interpret.php
CVSS 8.8
CVE-2024-31116 HIGH
10Web Map Builder for Google Maps < 1.0.74 - SQL Injection
CVSS 7.6
CVE-2024-30535 HIGH
WhiteStudio Easy Form Builder <3.7.4 - SQL Injection
CVSS 8.5
Details
Vulnerabilities 19,718
Exploit Likelihood High