CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-30489
HIGH
WP Cost Estimation & Payment Forms Builder <10.1.75 - SQL Injection
CVSS 8.5
CVE-2024-3088
HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via Forgot Password Page Username Parameter
CVSS 7.3
CVE-2024-3087
HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via Ambulance Tracking Page searchdata Parameter
CVSS 7.3
CVE-2024-3085
HIGH
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via Admin Login Username Parameter
CVSS 7.3
CVE-2024-30504
HIGH
WP Travel Engine < 5.7.9 - SQL Injection
CVSS 7.6
CVE-2024-30502
CRITICAL
WP Travel Engine < 5.7.9 - Unauthenticated Blind SQL Injection
CVSS 9.3
CVE-2024-23539
HIGH
Apache Fineract < 1.8.5 - SQL Injection
CVSS 8.3
CVE-2024-23538
CRITICAL
Apache Fineract < 1.8.5 - SQL Injection
CVSS 9.9
CVE-2024-30501
HIGH
Download Monitor <= 4.9.4 - SQL Injection
CVSS 7.6
CVE-2024-30499
HIGH
CRM Perks Forms <= 1.1.4 - SQL Injection
CVSS 8.5
CVE-2024-30498
CRITICAL
CRM Perks Forms <= 1.1.4 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2024-30497
HIGH
WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - SQL Injection
CVSS 8.5
CVE-2024-30496
HIGH
BdThemes Element Pack Elementor Addons <= 5.5.3 - SQL Injection
CVSS 8.5
CVE-2024-30495
HIGH
Faboba Falang < 1.3.48 - SQL Injection
CVSS 7.6
CVE-2024-30494
HIGH
OSS Aliyun < 1.4.10 - SQL Injection
CVSS 7.6
CVE-2024-30491
HIGH
ProfileGrid < 5.7.8 - SQL Injection
CVSS 8.5
CVE-2024-30490
CRITICAL
ProfileGrid < 5.7.8 - SQL Injection
CVSS 9.3
CVE-2024-30488
HIGH
Katie Zotpress <= 7.3.7 - SQL Injection
CVSS 8.5
CVE-2024-30486
HIGH
Media Library Folders < 8.1.7 - SQL Injection
CVSS 8.5
CVE-2024-30478
HIGH
Bulletin WordPress Announcement & Notification Banner Plugin < 3.8.5 - SQL Injection
CVSS 7.6
CVE-2024-0956
MEDIUM
WP ERP < 1.13.0 - Authenticated Time-Based SQL Injection via erp/v1/accounting/v1/vendors/1/products/ REST Route
CVSS 4.9
CVE-2024-0913
HIGH
WP ERP < 1.13.0 - Authenticated Time-Based SQL Injection via Sales Transaction API
CVSS 7.2
CVE-2024-0608
MEDIUM
WP ERP < 1.13.1 - Authenticated SQL Injection via Email Parameter
CVSS 6.5
CVE-2024-28714
HIGH
crmeb_java < 1.3.4 - SQL Injection via groupid Parameter
CVSS 8.1
CVE-2024-24407
MEDIUM
Best Courier Management System 1.0 - SQL Injection via print_pdets.php
CVSS 5.3
Details
Vulnerabilities
19,718
Exploit Likelihood
High