CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,718 vulnerabilities with CWE-89
CVE-2024-2673
MEDIUM
Campcodes Online Job Finder System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2672
MEDIUM
Campcodes Online Job Finder System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2671
MEDIUM
Campcodes Online Job Finder System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2670
MEDIUM
Campcodes Online Job Finder System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-1799
HIGH
GamiPress < 6.8.7 - Authenticated SQL Injection via gamipress_earnings Shortcode achievement_types Attribute
CVSS 8.8
CVE-2024-2669
MEDIUM
Campcodes Online Job Finder System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2668
MEDIUM
Campcodes Online Job Finder System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2387
MEDIUM
Advanced Form Integration - SQL Injection
CVSS 6.1
CVE-2024-2649
MEDIUM
Netentsec NS-ASG 6.3 - SQL Injection
CVSS 6.3
CVE-2024-2647
HIGH
Netentsec NS-ASG 6.3 - SQL Injection
CVSS 7.3
CVE-2024-2646
MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection
CVSS 6.3
CVE-2024-2644
MEDIUM
Netentsec NS-ASG 6.3 - SQL Injection
CVSS 6.3
CVE-2024-28389
CRITICAL
KnowBand spinwheel <3.0.3 - Privilege Escalation
CVSS 9.8
CVE-2024-28595
CRITICAL
Employee Management System v1.0 - SQL Injection via admin_id Parameter
CVSS 9.8
CVE-2024-28303
CRITICAL
Open Source Medicine Ordering System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-2622
MEDIUM
Fujian Kelixin Communication Command and Dispatch Platform < 2024-03-18 SQL Injection via /api/client/editemedia.php
CVSS 6.3
CVE-2024-2621
MEDIUM
Fujian Kelixin Communication - Command Injection
CVSS 6.3
CVE-2024-2620
MEDIUM
Fujian Kelixin Communication Command and Dispatch Platform < 2024-03-18 SQL Injection
CVSS 6.3
CVE-2024-0365
MEDIUM
Fancy Product Designer < 6.1.5 - Authenticated SQL Injection
CVSS 6.5
CVE-2024-27096
HIGH
GLPI 0.65-10.0.12 - Authenticated SQL Injection via Search Engine
CVSS 7.7
CVE-2024-2592
HIGH
AMSS++ 4.31 - SQL Injection via person_id Parameter
CVSS 8.2
CVE-2024-2591
HIGH
AMSS++ 4.31 - SQL Injection via Book Detail Group Parameters
CVSS 8.2
CVE-2024-2590
HIGH
AMSS++ 4.31 - SQL Injection via sd_index Parameter
CVSS 8.2
CVE-2024-2589
HIGH
AMSS++ 4.31 - SQL Injection via Book Detail School Person Parameters
CVSS 8.2
CVE-2024-2588
HIGH
AMSS++ 4.31 - SQL Injection via Admin Index ID Parameter
CVSS 8.2
Details
Vulnerabilities
19,718
Exploit Likelihood
High