CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,719 vulnerabilities with CWE-89
CVE-2024-27298
CRITICAL
Parse Server <6.5.0, <7.0.0-alpha.20 - SQL Injection
CVSS 10.0
CVE-2024-2073
MEDIUM
Block Inserter for Dynamic Content 1.0 - SQL Injection via view_post.php id Parameter
CVSS 6.3
CVE-2024-2069
MEDIUM
SourceCodester FAQ Management System 1.0 - SQL Injection via delete-faq.php faq Parameter
CVSS 6.3
CVE-2024-2067
MEDIUM
SourceCodester Computer Inventory System 1.0 - SQL Injection via delete-computer.php computer Parameter
CVSS 6.3
CVE-2024-2062
MEDIUM
SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via edit_categories.php id Parameter
CVSS 4.7
CVE-2024-2061
MEDIUM
SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via edit_supplier.php id Parameter
CVSS 4.7
CVE-2024-2060
MEDIUM
SourceCodester Petrol Pump Management Software 1.0 - SQL Injection via Email Parameter in login_crud.php
CVSS 4.7
CVE-2024-2022
MEDIUM
Netentsec NS-ASG 6.3 SQLi via GroupId in /admin/list_ipAddressPolicy.php
CVSS 6.3
CVE-2024-2021
MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via ResId Parameter
CVSS 6.3
CVE-2024-1982
MEDIUM
WPvivid <0.9.68 - Unauth SQL Injection/DoS
CVSS 6.5
CVE-2024-1981
CRITICAL
Migration, Backup, Staging - WPvivid < 0.9.68 - Unauthenticated SQL Injection via table_prefix Parameter
CVSS 9.8
CVE-2024-25833
CRITICAL
F-logic DataCube3 v1.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2024-1971
HIGH
Surya2Developer Online Shopping System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-1928
MEDIUM
SourceCodester Web-Based Student Clearance System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-1927
MEDIUM
SourceCodester Web-Based Student Clearance System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-1317
HIGH
RSS Aggregator by Feedzy < 4.4.2 - Authenticated SQL Injection via Search Key Parameter
CVSS 8.8
CVE-2024-1206
HIGH
WP Recipe Maker <= 9.1.2 - Authenticated SQL Injection via Recipes Parameter
CVSS 8.8
CVE-2024-25422
CRITICAL
SEMCMS 4.8 - SQL Injection via SEMCMS_Menu.php Component
CVSS 9.8
CVE-2024-25867
CRITICAL
CodeAstro Membership Management System 1.0 - SQL Injection via membershipType and membershipAmount Parameters
CVSS 9.1
CVE-2024-25866
HIGH
CodeAstro Membership Management System 1.0 - SQL Injection via Email Parameter
CVSS 8.8
CVE-2024-25351
LOW
PHPGurukul Zoo Management System 1.0 - SQL Injection
CVSS 3.8
CVE-2024-22983
HIGH
Projectworlds Visitor Management System <1.0 - Privilege Escalation
CVSS 8.1
CVE-2024-27515
HIGH
Osclass 5.1.2 - SQL Injection
CVSS 7.2
CVE-2024-25927
CRITICAL
postMash - custom post order < 1.2.0 - SQL Injection
CVSS 9.3
CVE-2024-25910
CRITICAL
Skymoonlabs MoveTo < 6.2 - Unauthenticated SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,719
Exploit Likelihood
High