CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-3014
MEDIUM
SourceCodester Simple Subscription Website 1.0 - SQL Injection via Actions.php Title Argument
CVSS 6.3
CVE-2024-3003
MEDIUM
Online Book System 1.0 - SQL Injection via cart.php quantity/remove Parameter
CVSS 6.3
CVE-2024-3002
MEDIUM
Online Book System 1.0 - SQL Injection via ID Parameter in description.php
CVSS 6.3
CVE-2024-3001
MEDIUM
Online Book System 1.0 - SQL Injection via Product.php Value Parameter
CVSS 6.3
CVE-2024-3000
HIGH
Online Book System 1.0 - SQL Injection via Username/Password Parameters
CVSS 7.3
CVE-2024-2999
MEDIUM
Campcodes Online Art Gallery Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-30238
HIGH
Contest Gallery <= 21.3.2 - SQL Injection
CVSS 8.5
CVE-2024-2954
HIGH
Action Network plugin <1.4.3 - SQL Injection
CVSS 7.2
CVE-2024-2945
MEDIUM
Campcodes Online Examination System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2944
MEDIUM
Campcodes Online Examination System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2943
MEDIUM
Campcodes Online Examination System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2942
MEDIUM
Campcodes Online Examination System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2941
MEDIUM
Campcodes Online Examination System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2938
MEDIUM
Campcodes Online Examination System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2934
MEDIUM
SourceCodester Todo List 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2932
MEDIUM
SourceCodester Online Chatting System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2927
HIGH
code-projects Mobile Shop 1.0 - SQL Injection
CVSS 7.3
CVE-2024-2916
HIGH
Campcodes House Rental Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-29303
CRITICAL
SourceCodester PHP Task Mgmt 1.0 - SQL Injection
CVSS 9.8
CVE-2024-29302
HIGH
SourceCodester PHP Task Management System 1.0 - SQL Injection
CVSS 7.5
CVE-2024-29301
HIGH
SourceCodester PHP Task Management System 1.0 - SQL Injection
CVSS 7.5
CVE-2024-28421
CRITICAL
cobub razor 0.8.0 - SQL Injection via ChannelModel::updateapk
CVSS 9.8
CVE-2024-28107
HIGH
phpMyFAQ >=3.2.5 <3.2.6 - Authenticated SQL Injection via Email Address Parameter
CVSS 8.8
CVE-2024-27299
HIGH
phpmyfaq 3.2.5 - Authenticated SQL Injection via News Author Email Field
CVSS 8.8
CVE-2024-2865
CRITICAL
Mergen Software Quality Management System <25032024 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,718
Exploit Likelihood
High