CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-3014 MEDIUM
SourceCodester Simple Subscription Website 1.0 - SQL Injection via Actions.php Title Argument
CVSS 6.3
CVE-2024-3003 MEDIUM
Online Book System 1.0 - SQL Injection via cart.php quantity/remove Parameter
CVSS 6.3
CVE-2024-3002 MEDIUM
Online Book System 1.0 - SQL Injection via ID Parameter in description.php
CVSS 6.3
CVE-2024-3001 MEDIUM
Online Book System 1.0 - SQL Injection via Product.php Value Parameter
CVSS 6.3
CVE-2024-3000 HIGH
Online Book System 1.0 - SQL Injection via Username/Password Parameters
CVSS 7.3
CVE-2024-2999 MEDIUM
Campcodes Online Art Gallery Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-30238 HIGH
Contest Gallery <= 21.3.2 - SQL Injection
CVSS 8.5
CVE-2024-2954 HIGH
Action Network plugin <1.4.3 - SQL Injection
CVSS 7.2
CVE-2024-2945 MEDIUM
Campcodes Online Examination System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2944 MEDIUM
Campcodes Online Examination System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2943 MEDIUM
Campcodes Online Examination System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2942 MEDIUM
Campcodes Online Examination System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2941 MEDIUM
Campcodes Online Examination System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2938 MEDIUM
Campcodes Online Examination System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2934 MEDIUM
SourceCodester Todo List 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2932 MEDIUM
SourceCodester Online Chatting System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2927 HIGH
code-projects Mobile Shop 1.0 - SQL Injection
CVSS 7.3
CVE-2024-2916 HIGH
Campcodes House Rental Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-29303 CRITICAL
SourceCodester PHP Task Mgmt 1.0 - SQL Injection
CVSS 9.8
CVE-2024-29302 HIGH
SourceCodester PHP Task Management System 1.0 - SQL Injection
CVSS 7.5
CVE-2024-29301 HIGH
SourceCodester PHP Task Management System 1.0 - SQL Injection
CVSS 7.5
CVE-2024-28421 CRITICAL
cobub razor 0.8.0 - SQL Injection via ChannelModel::updateapk
CVSS 9.8
CVE-2024-28107 HIGH
phpMyFAQ >=3.2.5 <3.2.6 - Authenticated SQL Injection via Email Address Parameter
CVSS 8.8
CVE-2024-27299 HIGH
phpmyfaq 3.2.5 - Authenticated SQL Injection via News Author Email Field
CVSS 8.8
CVE-2024-2865 CRITICAL
Mergen Software Quality Management System <25032024 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,718
Exploit Likelihood High