CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,719 vulnerabilities with CWE-89
CVE-2024-2588 HIGH
AMSS++ 4.31 - SQL Injection via Admin Index ID Parameter
CVSS 8.2
CVE-2024-2587 HIGH
AMSS++ 4.31 - SQL Injection via Book Detail Module Parameters
CVSS 8.2
CVE-2024-2586 HIGH
AMSS++ 4.31 - SQL Injection via Username Parameter
CVSS 8.2
CVE-2024-2585 HIGH
AMSS++ 4.31 - SQL Injection via sd_index Parameter
CVSS 8.2
CVE-2024-2584 HIGH
AMSS++ 4.31 - SQL Injection via sd_index Parameter
CVSS 8.2
CVE-2024-2568 MEDIUM
heyewei JFinalCMS 5.0.0 - SQL Injection via Custom Data Page
CVSS 4.7
CVE-2024-2566 HIGH
Fujian Kelixin Communication Command and Dispatch Platform < 2024-03-13 SQL Injection via imei Parameter
CVSS 7.3
CVE-2024-2562 MEDIUM
PandaXGO PandaX < 2024-03-10 - SQL Injection via roleKey Argument in InsertRole Function
CVSS 6.3
CVE-2024-2556 MEDIUM
SourceCodester Employee Task Management System 1.0 - SQL Injection via attendance-info.php user_id Parameter
CVSS 6.3
CVE-2024-2555 MEDIUM
SourceCodester Employee Task Management System 1.0 - SQL Injection via update-admin.php admin_id Parameter
CVSS 6.3
CVE-2024-2554 MEDIUM
SourceCodester Employee Task Management System 1.0 - SQL Injection via update-employee.php admin_id Parameter
CVSS 6.3
CVE-2024-2534 MEDIUM
Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via users.php user_id Parameter
CVSS 6.3
CVE-2024-2532 MEDIUM
Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via /admin/update-users.php id Parameter
CVSS 6.3
CVE-2024-2528 MEDIUM
Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via update-rooms.php room_id Parameter
CVSS 6.3
CVE-2024-2527 MEDIUM
Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via rooms.php room_id Parameter
CVSS 6.3
CVE-2024-2524 MEDIUM
MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via receipt.php room_id Parameter
CVSS 6.3
CVE-2024-2522 MEDIUM
MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via booktime.php room_id Parameter
CVSS 6.3
CVE-2024-2520 MEDIUM
Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via bookdate.php room_id Parameter
CVSS 6.3
CVE-2024-2517 MEDIUM
MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via book_history.php del_id Parameter
CVSS 6.3
CVE-2024-2516 MEDIUM
MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via home.php id Parameter
CVSS 6.3
CVE-2024-2514 HIGH
Online-College-Event-Hall-Reservation-System 1.0 - SQL Injection via login.php Email Parameter
CVSS 7.3
CVE-2024-1795 HIGH
HUSKY Products Filter Professional for WooCommerce <= 1.3.5.2 - SQL Injection via woof Shortcode
CVSS 8.8
CVE-2024-2480 MEDIUM
MHA Sistemas arMHAzena 9.6.0.0 - SQL Injection
CVSS 6.3
CVE-2024-2478 MEDIUM
BradWenqiang HR 2.0 - SQL Injection
CVSS 6.3
CVE-2024-25227 CRITICAL
abo.cms 5.8 - SQL Injection via tb_login Parameter
CVSS 9.8
Details
Vulnerabilities 19,719
Exploit Likelihood High