CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-3042 MEDIUM
SourceCodester Simple Subscription Website 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2024-3041 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via /protocol/log/listloginfo.php
CVSS 6.3
CVE-2024-3040 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via CRLId Parameter
CVSS 6.3
CVE-2024-3039 MEDIUM
Shanghai Brad Technology BladeX 3.4.0 - SQL Injection via /api/blade-user/export-user API
CVSS 6.3
CVE-2024-29239 MEDIUM
Synology Surveillance Station <9.2.0-11289,9.2.0-9289 - SQL Injection
CVSS 5.4
CVE-2024-29238 MEDIUM
Synology Surveillance Station <9.2.0-9289,9.2.0-11289 - SQL Injection
CVSS 5.4
CVE-2024-29237 MEDIUM
Synology Surveillance Station <9.2.0-11289,9.2.0-9289 - SQL Injection
CVSS 5.4
CVE-2024-29236 MEDIUM
Synology Surveillance Station <9.2.0-9289,9.2.0-11289 - SQL Injection
CVSS 5.4
CVE-2024-29235 MEDIUM
Synology Surveillance Station <9.2.0-11289,9.2.0-9289 - SQL Injection
CVSS 5.4
CVE-2024-29234 MEDIUM
Synology Surveillance Station <9.2.0-11289,9.2.0-9289 - SQL Injection
CVSS 5.4
CVE-2024-29233 MEDIUM
Synology Surveillance Station <9.2.0-9289,9.2.0-11289 - SQL Injection
CVSS 5.4
CVE-2024-29232 MEDIUM
Synology Surveillance Station <9.2.0-11289,9.2.0-9289 - SQL Injection
CVSS 5.4
CVE-2024-29230 MEDIUM
Synology Surveillance Station < 9.2.0-9289 - Authenticated SQL Injection via SnapShot.CountByCategory WebAPI
CVSS 5.4
CVE-2024-29227 MEDIUM
Synology Surveillance Station <9.2.0-9289,9.2.0-11289 - SQL Injection
CVSS 5.4
CVE-2024-25924 HIGH
Trustindex.Io WP Testimonials <1.4.3 - SQL Injection
CVSS 7.6
CVE-2024-30245 HIGH
DecaLog <= 3.9.0 - SQL Injection
CVSS 7.6
CVE-2024-30244 HIGH
Church Admin < 4.0.27 - SQL Injection via Shortcode
CVSS 8.5
CVE-2024-30243 HIGH
Tomas WordPress Tooltips <9.4.5 - SQL Injection
CVSS 8.5
CVE-2024-30242 HIGH
IT Path Solutions Contact Form to Any API <1.1.8 - SQL Injection
CVSS 8.5
CVE-2024-30241 HIGH
ProfileGrid < 5.7.1 - SQL Injection
CVSS 8.5
CVE-2024-30240 HIGH
Typps Calendarista <15.5.7 - SQL Injection
CVSS 8.5
CVE-2024-30239 HIGH
Zoho Campaigns <2.0.6 - SQL Injection
CVSS 8.5
CVE-2024-30237 HIGH
Supsystic Slider <1.8.10 - SQL Injection
CVSS 7.6
CVE-2024-30236 HIGH
Contest Gallery <21.3.4 - SQL Injection
CVSS 8.5
CVE-2024-3015 MEDIUM
SourceCodester Simple Subscription Website 1.0 - SQL Injection via manage_plan.php id Parameter
CVSS 6.3
Details
Vulnerabilities 19,718
Exploit Likelihood High