CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,719 vulnerabilities with CWE-89
CVE-2024-24310
HIGH
Generate barcode on invoice / delivery slip < 1.2.0 - Unauthenticated SQL Injection
CVSS 8.8
CVE-2024-1833
HIGH
SourceCodester Employee Management System 1.0 - SQL Injection via txtusername/txtphone Parameter
CVSS 7.3
CVE-2024-1832
HIGH
Complete File Management System 1.0 - SQL Injection via Admin Login Form Username Parameter
CVSS 7.3
CVE-2024-1831
HIGH
SourceCodester Complete File Management System 1.0 - SQL Injection via Login Form Username Parameter
CVSS 7.3
CVE-2024-1830
HIGH
code-projects Library System 1.0 - SQL Injection via Email Parameter in Lost Password
CVSS 7.3
CVE-2024-1829
HIGH
code-projects Library System 1.0 - SQL Injection via Registration Parameter Manipulation
CVSS 7.3
CVE-2024-1828
HIGH
code-projects Library System 1.0 - SQL Injection via teacher_reg.php Email/ID/Phone/Username Parameters
CVSS 7.3
CVE-2024-1827
HIGH
code-projects Library System 1.0 - SQL Injection via Username/Password Parameter
CVSS 7.3
CVE-2024-1826
HIGH
code-projects Library System 1.0 - SQL Injection via Username/Password Parameter
CVSS 7.3
CVE-2024-1824
HIGH
CodeAstro House Rental Management System 1.0 - SQL Injection via signing.php uname/password Parameters
CVSS 7.3
CVE-2024-1821
MEDIUM
code-projects Crime Reporting System 1.0 - SQL Injection via police_add.php
CVSS 5.5
CVE-2024-1820
HIGH
code-projects Crime Reporting System 1.0 - SQL Injection via inchargelogin.php Email/Password Parameters
CVSS 7.3
CVE-2024-25928
HIGH
Sitepact < 1.0.5 - SQL Injection
CVSS 7.1
CVE-2024-1776
HIGH
Admin side data storage for Contact Form 7 <= 1.1.1 - Authenticated SQL Injection via form-id Parameter
CVSS 7.2
CVE-2024-1784
LOW
limbas 5.2.14 - SQL Injection via main_admin.php tab_group Parameter
CVSS 3.9
CVE-2024-25897
CRITICAL
ChurchCRM 5.5.0 - Blind SQL Injection via CurrentFundraiser GET Parameter
CVSS 9.8
CVE-2024-25896
MEDIUM
ChurchCRM 5.5.0 - Blind SQL Injection via EventEditor.php EID Parameter
CVSS 5.3
CVE-2024-25894
CRITICAL
ChurchCRM 5.5.0 - Blind SQL Injection via EventCount POST Parameter
CVSS 9.8
CVE-2024-25893
CRITICAL
ChurchCRM 5.5.0 - Blind SQL Injection via CurrentFundraiser GET Parameter
CVSS 9.1
CVE-2024-25892
HIGH
ChurchCRM 5.5.0 - Blind SQL Injection via familyId GET Parameter
CVSS 8.1
CVE-2024-25891
HIGH
ChurchCRM 5.5.0 - Blind SQL Injection via CurrentFundraiser GET Parameter
CVSS 7.5
CVE-2024-25288
MEDIUM
SLIMS 9 Bulian <9.6.1 - SQL Injection
CVSS 4.9
CVE-2024-1702
MEDIUM
keerti1924 PHP-MYSQL-User-Login-System 1.0 - SQL Injection in /edit.php
CVSS 6.3
CVE-2024-25428
MEDIUM
mrcms 3.1.2 - SQL Injection via Status Parameter
CVSS 6.5
CVE-2024-1597
CRITICAL
PostgreSQL JDBC Driver < 42.2.28 - SQL Injection via PreferQueryMode=SIMPLE
CVSS 10.0
Details
Vulnerabilities
19,719
Exploit Likelihood
High