CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-28393 CRITICAL
scalapay < 1.2.42 - SQL Injection via ScalapayReturnModuleFrontController::postProcess()
CVSS 9.8
CVE-2024-2724 CRITICAL
CIGESv2 - SQL Injection via idServicio Parameter
CVSS 9.8
CVE-2024-2723 CRITICAL
CIGESv2 - SQL Injection via idServicio Parameter in /ajaxSubServicios.php
CVSS 9.8
CVE-2024-2722 CRITICAL
CIGESv2 - SQL Injection via id Parameter in /ajaxConfigTotem.php
CVSS 9.8
CVE-2024-28560 MEDIUM
Niushop B2B2C < 5.3.3 - SQL Injection via Address.php deleteArea() Function
CVSS 5.4
CVE-2024-28559 HIGH
Niushop B2B2C < 5.3.3 - SQL Injection via Goodsbatchset.php setPrice() Function
CVSS 8.8
CVE-2024-25168 MEDIUM
dingflow snow 2.0.0 - SQL Injection via dataScope Parameter
CVSS 6.3
CVE-2024-29275 CRITICAL
SeaCMS 12.9 - Unauthenticated SQL Injection via id Parameter
CVSS 9.8
CVE-2024-2777 MEDIUM
Online Marriage Registration System 1.0 - SQL Injection via fromdate Parameter
CVSS 6.3
CVE-2024-2776 MEDIUM
Campcodes Online Marriage Registration System 1.0 - SQL Injection via searchdata Parameter
CVSS 6.3
CVE-2024-2774 MEDIUM
Campcodes Online Marriage Registration System 1.0 - SQL Injection via searchdata Parameter
CVSS 6.3
CVE-2024-2770 MEDIUM
Complete Online Beauty Parlor Management System 1.0 - SQL Injection via /admin/contact-us.php Email Parameter
CVSS 6.3
CVE-2024-2453 MEDIUM
Advantech WebAccess/SCADA - SQL Injection
CVSS 6.4
CVE-2024-29031 HIGH
Meshery < 0.7.17 - SQL Injection via Order Parameter
CVSS 7.5
CVE-2024-28040 HIGH
diaenergie < 1.10.00.005 - SQL Injection via GetDIAE_astListParameters
CVSS 8.8
CVE-2024-23975 HIGH
diaenergie < 1.10.00.005 - SQL Injection via GetDIAE_slogListParameters
CVSS 8.8
CVE-2024-23494 HIGH
diaenergie < 1.10.00.005 - SQL Injection via GetDIAE_unListParameters
CVSS 8.8
CVE-2024-2769 MEDIUM
Campcodes Beauty Parlor Management System 1.0 - SQLi via admin-profile.php
CVSS 6.3
CVE-2024-2768 MEDIUM
Complete Online Beauty Parlor Management System 1.0 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2024-28891 HIGH
diaenergie < 1.10.00.005 - SQL Injection via Handler_CFG.ashx
CVSS 8.8
CVE-2024-28521 HIGH
Netcome NS-ASG Application Security Gateway 6.3.1 - SQL Injection via Loginid Parameter
CVSS 7.8
CVE-2024-25937 HIGH
deltaww diaenergie < 1.10.00.005 - SQL Injection via DIAE_tagHandler.ashx
CVSS 8.8
CVE-2024-2767 MEDIUM
Complete Online Beauty Parlor Management System 1.0 - SQL Injection via Forgot Password Email Parameter
CVSS 6.3
CVE-2024-2766 MEDIUM
Complete Online Beauty Parlor Management System 1.0 - SQL Injection via Username Parameter
CVSS 6.3
CVE-2024-27956 CRITICAL
WordPress Automatic Plugin <= 3.92.0 - SQL Injection
CVSS 9.9
Details
Vulnerabilities 19,718
Exploit Likelihood High