CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-30489 HIGH
WP Cost Estimation & Payment Forms Builder <10.1.75 - SQL Injection
CVSS 8.5
CVE-2024-3088 HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via Forgot Password Page Username Parameter
CVSS 7.3
CVE-2024-3087 HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via Ambulance Tracking Page searchdata Parameter
CVSS 7.3
CVE-2024-3085 HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via Admin Login Username Parameter
CVSS 7.3
CVE-2024-30504 HIGH
WP Travel Engine < 5.7.9 - SQL Injection
CVSS 7.6
CVE-2024-30502 CRITICAL
WP Travel Engine < 5.7.9 - Unauthenticated Blind SQL Injection
CVSS 9.3
CVE-2024-23539 HIGH
Apache Fineract < 1.8.5 - SQL Injection
CVSS 8.3
CVE-2024-23538 CRITICAL
Apache Fineract < 1.8.5 - SQL Injection
CVSS 9.9
CVE-2024-30501 HIGH
Download Monitor <= 4.9.4 - SQL Injection
CVSS 7.6
CVE-2024-30499 HIGH
CRM Perks Forms <= 1.1.4 - SQL Injection
CVSS 8.5
CVE-2024-30498 CRITICAL
CRM Perks Forms <= 1.1.4 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-30497 HIGH
WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - SQL Injection
CVSS 8.5
CVE-2024-30496 HIGH
BdThemes Element Pack Elementor Addons <= 5.5.3 - SQL Injection
CVSS 8.5
CVE-2024-30495 HIGH
Faboba Falang < 1.3.48 - SQL Injection
CVSS 7.6
CVE-2024-30494 HIGH
OSS Aliyun < 1.4.10 - SQL Injection
CVSS 7.6
CVE-2024-30491 HIGH
ProfileGrid < 5.7.8 - SQL Injection
CVSS 8.5
CVE-2024-30490 CRITICAL
ProfileGrid < 5.7.8 - SQL Injection
CVSS 9.3
CVE-2024-30488 HIGH
Katie Zotpress <= 7.3.7 - SQL Injection
CVSS 8.5
CVE-2024-30486 HIGH
Media Library Folders < 8.1.7 - SQL Injection
CVSS 8.5
CVE-2024-30478 HIGH
Bulletin WordPress Announcement & Notification Banner Plugin < 3.8.5 - SQL Injection
CVSS 7.6
CVE-2024-0956 MEDIUM
WP ERP < 1.13.0 - Authenticated Time-Based SQL Injection via erp/v1/accounting/v1/vendors/1/products/ REST Route
CVSS 4.9
CVE-2024-0913 HIGH
WP ERP < 1.13.0 - Authenticated Time-Based SQL Injection via Sales Transaction API
CVSS 7.2
CVE-2024-0608 MEDIUM
WP ERP < 1.13.1 - Authenticated SQL Injection via Email Parameter
CVSS 6.5
CVE-2024-28714 HIGH
crmeb_java < 1.3.4 - SQL Injection via groupid Parameter
CVSS 8.1
CVE-2024-24407 MEDIUM
Best Courier Management System 1.0 - SQL Injection via print_pdets.php
CVSS 5.3
Details
Vulnerabilities 19,718
Exploit Likelihood High