CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-28393
CRITICAL
scalapay < 1.2.42 - SQL Injection via ScalapayReturnModuleFrontController::postProcess()
CVSS 9.8
CVE-2024-2724
CRITICAL
CIGESv2 - SQL Injection via idServicio Parameter
CVSS 9.8
CVE-2024-2723
CRITICAL
CIGESv2 - SQL Injection via idServicio Parameter in /ajaxSubServicios.php
CVSS 9.8
CVE-2024-2722
CRITICAL
CIGESv2 - SQL Injection via id Parameter in /ajaxConfigTotem.php
CVSS 9.8
CVE-2024-28560
MEDIUM
Niushop B2B2C < 5.3.3 - SQL Injection via Address.php deleteArea() Function
CVSS 5.4
CVE-2024-28559
HIGH
Niushop B2B2C < 5.3.3 - SQL Injection via Goodsbatchset.php setPrice() Function
CVSS 8.8
CVE-2024-25168
MEDIUM
dingflow snow 2.0.0 - SQL Injection via dataScope Parameter
CVSS 6.3
CVE-2024-29275
CRITICAL
SeaCMS 12.9 - Unauthenticated SQL Injection via id Parameter
CVSS 9.8
CVE-2024-2777
MEDIUM
Online Marriage Registration System 1.0 - SQL Injection via fromdate Parameter
CVSS 6.3
CVE-2024-2776
MEDIUM
Campcodes Online Marriage Registration System 1.0 - SQL Injection via searchdata Parameter
CVSS 6.3
CVE-2024-2774
MEDIUM
Campcodes Online Marriage Registration System 1.0 - SQL Injection via searchdata Parameter
CVSS 6.3
CVE-2024-2770
MEDIUM
Complete Online Beauty Parlor Management System 1.0 - SQL Injection via /admin/contact-us.php Email Parameter
CVSS 6.3
CVE-2024-2453
MEDIUM
Advantech WebAccess/SCADA - SQL Injection
CVSS 6.4
CVE-2024-29031
HIGH
Meshery < 0.7.17 - SQL Injection via Order Parameter
CVSS 7.5
CVE-2024-28040
HIGH
diaenergie < 1.10.00.005 - SQL Injection via GetDIAE_astListParameters
CVSS 8.8
CVE-2024-23975
HIGH
diaenergie < 1.10.00.005 - SQL Injection via GetDIAE_slogListParameters
CVSS 8.8
CVE-2024-23494
HIGH
diaenergie < 1.10.00.005 - SQL Injection via GetDIAE_unListParameters
CVSS 8.8
CVE-2024-2769
MEDIUM
Campcodes Beauty Parlor Management System 1.0 - SQLi via admin-profile.php
CVSS 6.3
CVE-2024-2768
MEDIUM
Complete Online Beauty Parlor Management System 1.0 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2024-28891
HIGH
diaenergie < 1.10.00.005 - SQL Injection via Handler_CFG.ashx
CVSS 8.8
CVE-2024-28521
HIGH
Netcome NS-ASG Application Security Gateway 6.3.1 - SQL Injection via Loginid Parameter
CVSS 7.8
CVE-2024-25937
HIGH
deltaww diaenergie < 1.10.00.005 - SQL Injection via DIAE_tagHandler.ashx
CVSS 8.8
CVE-2024-2767
MEDIUM
Complete Online Beauty Parlor Management System 1.0 - SQL Injection via Forgot Password Email Parameter
CVSS 6.3
CVE-2024-2766
MEDIUM
Complete Online Beauty Parlor Management System 1.0 - SQL Injection via Username Parameter
CVSS 6.3
CVE-2024-27956
CRITICAL
WordPress Automatic Plugin <= 3.92.0 - SQL Injection
CVSS 9.9
Details
Vulnerabilities
19,718
Exploit Likelihood
High