CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,718 vulnerabilities with CWE-89
CVE-2024-2673 MEDIUM
Campcodes Online Job Finder System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2672 MEDIUM
Campcodes Online Job Finder System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2671 MEDIUM
Campcodes Online Job Finder System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2670 MEDIUM
Campcodes Online Job Finder System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-1799 HIGH
GamiPress < 6.8.7 - Authenticated SQL Injection via gamipress_earnings Shortcode achievement_types Attribute
CVSS 8.8
CVE-2024-2669 MEDIUM
Campcodes Online Job Finder System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2668 MEDIUM
Campcodes Online Job Finder System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-2387 MEDIUM
Advanced Form Integration - SQL Injection
CVSS 6.1
CVE-2024-2649 MEDIUM
Netentsec NS-ASG 6.3 - SQL Injection
CVSS 6.3
CVE-2024-2647 HIGH
Netentsec NS-ASG 6.3 - SQL Injection
CVSS 7.3
CVE-2024-2646 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection
CVSS 6.3
CVE-2024-2644 MEDIUM
Netentsec NS-ASG 6.3 - SQL Injection
CVSS 6.3
CVE-2024-28389 CRITICAL
KnowBand spinwheel <3.0.3 - Privilege Escalation
CVSS 9.8
CVE-2024-28595 CRITICAL
Employee Management System v1.0 - SQL Injection via admin_id Parameter
CVSS 9.8
CVE-2024-28303 CRITICAL
Open Source Medicine Ordering System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-2622 MEDIUM
Fujian Kelixin Communication Command and Dispatch Platform < 2024-03-18 SQL Injection via /api/client/editemedia.php
CVSS 6.3
CVE-2024-2621 MEDIUM
Fujian Kelixin Communication - Command Injection
CVSS 6.3
CVE-2024-2620 MEDIUM
Fujian Kelixin Communication Command and Dispatch Platform < 2024-03-18 SQL Injection
CVSS 6.3
CVE-2024-0365 MEDIUM
Fancy Product Designer < 6.1.5 - Authenticated SQL Injection
CVSS 6.5
CVE-2024-27096 HIGH
GLPI 0.65-10.0.12 - Authenticated SQL Injection via Search Engine
CVSS 7.7
CVE-2024-2592 HIGH
AMSS++ 4.31 - SQL Injection via person_id Parameter
CVSS 8.2
CVE-2024-2591 HIGH
AMSS++ 4.31 - SQL Injection via Book Detail Group Parameters
CVSS 8.2
CVE-2024-2590 HIGH
AMSS++ 4.31 - SQL Injection via sd_index Parameter
CVSS 8.2
CVE-2024-2589 HIGH
AMSS++ 4.31 - SQL Injection via Book Detail School Person Parameters
CVSS 8.2
CVE-2024-2588 HIGH
AMSS++ 4.31 - SQL Injection via Admin Index ID Parameter
CVSS 8.2
Details
Vulnerabilities 19,718
Exploit Likelihood High