CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,719 vulnerabilities with CWE-89
CVE-2024-27298 CRITICAL
Parse Server <6.5.0, <7.0.0-alpha.20 - SQL Injection
CVSS 10.0
CVE-2024-2073 MEDIUM
Block Inserter for Dynamic Content 1.0 - SQL Injection via view_post.php id Parameter
CVSS 6.3
CVE-2024-2069 MEDIUM
SourceCodester FAQ Management System 1.0 - SQL Injection via delete-faq.php faq Parameter
CVSS 6.3
CVE-2024-2067 MEDIUM
SourceCodester Computer Inventory System 1.0 - SQL Injection via delete-computer.php computer Parameter
CVSS 6.3
CVE-2024-2062 MEDIUM
SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via edit_categories.php id Parameter
CVSS 4.7
CVE-2024-2061 MEDIUM
SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via edit_supplier.php id Parameter
CVSS 4.7
CVE-2024-2060 MEDIUM
SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via Email Parameter in login_crud.php
CVSS 4.7
CVE-2024-2022 MEDIUM
Netentsec NS-ASG 6.3 SQLi via GroupId in /admin/list_ipAddressPolicy.php
CVSS 6.3
CVE-2024-2021 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via ResId Parameter
CVSS 6.3
CVE-2024-1982 MEDIUM
WPvivid <0.9.68 - Unauth SQL Injection/DoS
CVSS 6.5
CVE-2024-1981 CRITICAL
Migration, Backup, Staging - WPvivid < 0.9.68 - Unauthenticated SQL Injection via table_prefix Parameter
CVSS 9.8
CVE-2024-25833 CRITICAL
F-logic DataCube3 v1.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2024-1971 HIGH
Surya2Developer Online Shopping System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-1928 MEDIUM
SourceCodester Web-Based Student Clearance System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-1927 MEDIUM
SourceCodester Web-Based Student Clearance System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-1317 HIGH
RSS Aggregator by Feedzy < 4.4.2 - Authenticated SQL Injection via Search Key Parameter
CVSS 8.8
CVE-2024-1206 HIGH
WP Recipe Maker <= 9.1.2 - Authenticated SQL Injection via Recipes Parameter
CVSS 8.8
CVE-2024-25422 CRITICAL
SEMCMS 4.8 - SQL Injection via SEMCMS_Menu.php Component
CVSS 9.8
CVE-2024-25867 CRITICAL
CodeAstro Membership Management System 1.0 - SQL Injection via membershipType and membershipAmount Parameters
CVSS 9.1
CVE-2024-25866 HIGH
CodeAstro Membership Management System 1.0 - SQL Injection via Email Parameter
CVSS 8.8
CVE-2024-25351 LOW
PHPGurukul Zoo Management System 1.0 - SQL Injection
CVSS 3.8
CVE-2024-22983 HIGH
Projectworlds Visitor Management System <1.0 - Privilege Escalation
CVSS 8.1
CVE-2024-27515 HIGH
Osclass 5.1.2 - SQL Injection
CVSS 7.2
CVE-2024-25927 CRITICAL
postMash - custom post order < 1.2.0 - SQL Injection
CVSS 9.3
CVE-2024-25910 CRITICAL
Skymoonlabs MoveTo < 6.2 - Unauthenticated SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,719
Exploit Likelihood High