CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,719 vulnerabilities with CWE-89
CVE-2024-2588
HIGH
AMSS++ 4.31 - SQL Injection via Admin Index ID Parameter
CVSS 8.2
CVE-2024-2587
HIGH
AMSS++ 4.31 - SQL Injection via Book Detail Module Parameters
CVSS 8.2
CVE-2024-2586
HIGH
AMSS++ 4.31 - SQL Injection via Username Parameter
CVSS 8.2
CVE-2024-2585
HIGH
AMSS++ 4.31 - SQL Injection via sd_index Parameter
CVSS 8.2
CVE-2024-2584
HIGH
AMSS++ 4.31 - SQL Injection via sd_index Parameter
CVSS 8.2
CVE-2024-2568
MEDIUM
heyewei JFinalCMS 5.0.0 - SQL Injection via Custom Data Page
CVSS 4.7
CVE-2024-2566
HIGH
Fujian Kelixin Communication Command and Dispatch Platform < 2024-03-13 SQL Injection via imei Parameter
CVSS 7.3
CVE-2024-2562
MEDIUM
PandaXGO PandaX < 2024-03-10 - SQL Injection via roleKey Argument in InsertRole Function
CVSS 6.3
CVE-2024-2556
MEDIUM
SourceCodester Employee Task Management System 1.0 - SQL Injection via attendance-info.php user_id Parameter
CVSS 6.3
CVE-2024-2555
MEDIUM
SourceCodester Employee Task Management System 1.0 - SQL Injection via update-admin.php admin_id Parameter
CVSS 6.3
CVE-2024-2554
MEDIUM
SourceCodester Employee Task Management System 1.0 - SQL Injection via update-employee.php admin_id Parameter
CVSS 6.3
CVE-2024-2534
MEDIUM
Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via users.php user_id Parameter
CVSS 6.3
CVE-2024-2532
MEDIUM
Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via /admin/update-users.php id Parameter
CVSS 6.3
CVE-2024-2528
MEDIUM
Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via update-rooms.php room_id Parameter
CVSS 6.3
CVE-2024-2527
MEDIUM
Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via rooms.php room_id Parameter
CVSS 6.3
CVE-2024-2524
MEDIUM
MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via receipt.php room_id Parameter
CVSS 6.3
CVE-2024-2522
MEDIUM
MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via booktime.php room_id Parameter
CVSS 6.3
CVE-2024-2520
MEDIUM
Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via bookdate.php room_id Parameter
CVSS 6.3
CVE-2024-2517
MEDIUM
MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via book_history.php del_id Parameter
CVSS 6.3
CVE-2024-2516
MEDIUM
MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via home.php id Parameter
CVSS 6.3
CVE-2024-2514
HIGH
Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via login.php Email Parameter
CVSS 7.3
CVE-2024-1795
HIGH
HUSKY Products Filter Professional for WooCommerce <= 1.3.5.2 - SQL Injection via woof Shortcode
CVSS 8.8
CVE-2024-2480
MEDIUM
MHA Sistemas arMHAzena 9.6.0.0 - SQL Injection
CVSS 6.3
CVE-2024-2478
MEDIUM
BradWenqiang HR 2.0 - SQL Injection
CVSS 6.3
CVE-2024-25227
CRITICAL
abo.cms 5.8 - SQL Injection via tb_login Parameter
CVSS 9.8
Details
Vulnerabilities
19,719
Exploit Likelihood
High