CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,719 vulnerabilities with CWE-89
CVE-2024-24310 HIGH
Generate barcode on invoice / delivery slip < 1.2.0 - Unauthenticated SQL Injection
CVSS 8.8
CVE-2024-1833 HIGH
SourceCodester Employee Management System 1.0 - SQL Injection via txtusername/txtphone Parameter
CVSS 7.3
CVE-2024-1832 HIGH
Complete File Management System 1.0 - SQL Injection via Admin Login Form Username Parameter
CVSS 7.3
CVE-2024-1831 HIGH
SourceCodester Complete File Management System 1.0 - SQL Injection via Login Form Username Parameter
CVSS 7.3
CVE-2024-1830 HIGH
code-projects Library System 1.0 - SQL Injection via Email Parameter in Lost Password
CVSS 7.3
CVE-2024-1829 HIGH
code-projects Library System 1.0 - SQL Injection via Registration Parameter Manipulation
CVSS 7.3
CVE-2024-1828 HIGH
code-projects Library System 1.0 - SQL Injection via teacher_reg.php Email/ID/Phone/Username Parameters
CVSS 7.3
CVE-2024-1827 HIGH
code-projects Library System 1.0 - SQL Injection via Username/Password Parameter
CVSS 7.3
CVE-2024-1826 HIGH
code-projects Library System 1.0 - SQL Injection via Username/Password Parameter
CVSS 7.3
CVE-2024-1824 HIGH
CodeAstro House Rental Management System 1.0 - SQL Injection via signing.php uname/password Parameters
CVSS 7.3
CVE-2024-1821 MEDIUM
code-projects Crime Reporting System 1.0 - SQL Injection via police_add.php
CVSS 5.5
CVE-2024-1820 HIGH
code-projects Crime Reporting System 1.0 - SQL Injection via inchargelogin.php Email/Password Parameters
CVSS 7.3
CVE-2024-25928 HIGH
Sitepact < 1.0.5 - SQL Injection
CVSS 7.1
CVE-2024-1776 HIGH
Admin side data storage for Contact Form 7 <= 1.1.1 - Authenticated SQL Injection via form-id Parameter
CVSS 7.2
CVE-2024-1784 LOW
limbas 5.2.14 - SQL Injection via main_admin.php tab_group Parameter
CVSS 3.9
CVE-2024-25897 CRITICAL
ChurchCRM 5.5.0 - Blind SQL Injection via CurrentFundraiser GET Parameter
CVSS 9.8
CVE-2024-25896 MEDIUM
ChurchCRM 5.5.0 - Blind SQL Injection via EventEditor.php EID Parameter
CVSS 5.3
CVE-2024-25894 CRITICAL
ChurchCRM 5.5.0 - Blind SQL Injection via EventCount POST Parameter
CVSS 9.8
CVE-2024-25893 CRITICAL
ChurchCRM 5.5.0 - Blind SQL Injection via CurrentFundraiser GET Parameter
CVSS 9.1
CVE-2024-25892 HIGH
ChurchCRM 5.5.0 - Blind SQL Injection via familyId GET Parameter
CVSS 8.1
CVE-2024-25891 HIGH
ChurchCRM 5.5.0 - Blind SQL Injection via CurrentFundraiser GET Parameter
CVSS 7.5
CVE-2024-25288 MEDIUM
SLIMS 9 Bulian <9.6.1 - SQL Injection
CVSS 4.9
CVE-2024-1702 MEDIUM
keerti1924 PHP-MYSQL-User-Login-System 1.0 - SQL Injection in /edit.php
CVSS 6.3
CVE-2024-25428 MEDIUM
mrcms 3.1.2 - SQL Injection via Status Parameter
CVSS 6.5
CVE-2024-1597 CRITICAL
PostgreSQL JDBC Driver < 42.2.28 - SQL Injection via PreferQueryMode=SIMPLE
CVSS 10.0
Details
Vulnerabilities 19,719
Exploit Likelihood High