CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,719 vulnerabilities with CWE-89
CVE-2024-28323 MEDIUM
Phpgurukul User Registration & Login and User Management System 3.1 - SQL Injection via bwdates-report-result.php
CVSS 6.5
CVE-2024-28388 CRITICAL
SunnyToo stproductcomments < 1.0.6 - SQL Injection via StProductCommentClass::getListcomments
CVSS 9.8
CVE-2024-25250 CRITICAL
Agro-School Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-24105 HIGH
Computer Science Time Table System 1.0 - SQL Injection via adminFormvalidation.php
CVSS 7.8
CVE-2024-2418 MEDIUM
SourceCodester Best POS Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-1793 HIGH
AWeber - Free Sign Up Form and Landing Page Builder Plugin for Lead...
CVSS 7.2
CVE-2024-1751 HIGH
Tutor LMS < 2.6.1 - Authenticated Time-Based SQL Injection via question_id Parameter
CVSS 8.8
CVE-2024-1203 HIGH
Conversios < 7.0.8 - Authenticated SQL Injection via valueData Parameter
CVSS 8.8
CVE-2024-1071 CRITICAL
WordPress Ultimate Member SQL Injection (CVE-2024-1071)
CVSS 9.8
CVE-2024-24101 CRITICAL
Code-projects Scholars Tracking System 1.0 - SQL Injection in Eligibility Information Update
CVSS 9.8
CVE-2024-24093 CRITICAL
Code-projects Scholars Tracking System 1.0 - SQL Injection via Personal Information Update
CVSS 9.8
CVE-2024-24092 HIGH
Code-projects Scholars Tracking System 1.0 - SQL Injection via login.php
CVSS 7.8
CVE-2024-1301 CRITICAL
Badger Meter Monitool < 4.7 - SQL Injection via j_username Parameter
CVSS 9.8
CVE-2024-2393 MEDIUM
SourceCodester CRUD without Page Reload 1.0 - SQL Injection via add_user.php City Parameter
CVSS 6.3
CVE-2024-25325 HIGH
Employee Management System <1.0 - Info Disclosure
CVSS 7.1
CVE-2024-1068 HIGH
404 Solution WordPress Plugin < 2.35.8 - Authenticated SQL Injection
CVSS 7.2
CVE-2024-28816 HIGH
Student Information Chatbot a0196ab - SQL Injection
CVSS 7.1
CVE-2024-2351 MEDIUM
CodeAstro Ecommerce Site 1.0 - SQL Injection via Search Component cat_id/brand_id/keyword Parameters
CVSS 6.3
CVE-2024-2333 MEDIUM
CodeAstro Membership Management System 1.0 - SQL Injection via fullname Parameter in add_members.php
CVSS 6.3
CVE-2024-2332 MEDIUM
Online Mobile Management Store 1.0 - SQL Injection via Manage Category ID Parameter
CVSS 6.3
CVE-2024-2330 MEDIUM
NS-ASG Application Security Gateway 6.3 - Sql Injection
CVSS 6.3
CVE-2024-2329 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via IconId Parameter
CVSS 6.3
CVE-2024-2338 HIGH
PostgreSQL Anonymizer 1.2 - Authenticated SQL Injection via Dynamic Masking Expression
CVSS 8.0
CVE-2024-21901 MEDIUM
myQNAPcloud < 1.0.52 and QTS < 4.5.4.2627 - Authenticated SQL Injection
CVSS 4.7
CVE-2024-2283 MEDIUM
boyiddha Automated-Mess-Management-System 1.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities 19,719
Exploit Likelihood High