CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,719 vulnerabilities with CWE-89
CVE-2024-28323
MEDIUM
Phpgurukul User Registration & Login and User Management System 3.1 - SQL Injection via bwdates-report-result.php
CVSS 6.5
CVE-2024-28388
CRITICAL
SunnyToo stproductcomments < 1.0.6 - SQL Injection via StProductCommentClass::getListcomments
CVSS 9.8
CVE-2024-25250
CRITICAL
Agro-School Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-24105
HIGH
Computer Science Time Table System 1.0 - SQL Injection via adminFormvalidation.php
CVSS 7.8
CVE-2024-2418
MEDIUM
SourceCodester Best POS Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-1793
HIGH
AWeber - Free Sign Up Form and Landing Page Builder Plugin for Lead...
CVSS 7.2
CVE-2024-1751
HIGH
Tutor LMS < 2.6.1 - Authenticated Time-Based SQL Injection via question_id Parameter
CVSS 8.8
CVE-2024-1203
HIGH
Conversios < 7.0.8 - Authenticated SQL Injection via valueData Parameter
CVSS 8.8
CVE-2024-1071
CRITICAL
WordPress Ultimate Member SQL Injection (CVE-2024-1071)
CVSS 9.8
CVE-2024-24101
CRITICAL
Code-projects Scholars Tracking System 1.0 - SQL Injection in Eligibility Information Update
CVSS 9.8
CVE-2024-24093
CRITICAL
Code-projects Scholars Tracking System 1.0 - SQL Injection via Personal Information Update
CVSS 9.8
CVE-2024-24092
HIGH
Code-projects Scholars Tracking System 1.0 - SQL Injection via login.php
CVSS 7.8
CVE-2024-1301
CRITICAL
Badger Meter Monitool < 4.7 - SQL Injection via j_username Parameter
CVSS 9.8
CVE-2024-2393
MEDIUM
SourceCodester CRUD without Page Reload 1.0 - SQL Injection via add_user.php City Parameter
CVSS 6.3
CVE-2024-25325
HIGH
Employee Management System <1.0 - Info Disclosure
CVSS 7.1
CVE-2024-1068
HIGH
404 Solution WordPress Plugin < 2.35.8 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-28816
HIGH
Student Information Chatbot a0196ab - SQL Injection
CVSS 7.1
CVE-2024-2351
MEDIUM
CodeAstro Ecommerce Site 1.0 - SQL Injection via Search Component cat_id/brand_id/keyword Parameters
CVSS 6.3
CVE-2024-2333
MEDIUM
CodeAstro Membership Management System 1.0 - SQL Injection via fullname Parameter in add_members.php
CVSS 6.3
CVE-2024-2332
MEDIUM
Online Mobile Management Store 1.0 - SQL Injection via Manage Category ID Parameter
CVSS 6.3
CVE-2024-2330
MEDIUM
NS-ASG Application Security Gateway 6.3 - Sql Injection
CVSS 6.3
CVE-2024-2329
MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via IconId Parameter
CVSS 6.3
CVE-2024-2338
HIGH
PostgreSQL Anonymizer 1.2 - Authenticated SQL Injection via Dynamic Masking Expression
CVSS 8.0
CVE-2024-21901
MEDIUM
myQNAPcloud < 1.0.52 and QTS < 4.5.4.2627 - Authenticated SQL Injection
CVSS 4.7
CVE-2024-2283
MEDIUM
boyiddha Automated-Mess-Management-System 1.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities
19,719
Exploit Likelihood
High