CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,720 vulnerabilities with CWE-89
CVE-2024-1597 CRITICAL
PostgreSQL JDBC Driver < 42.2.28 - SQL Injection via PreferQueryMode=SIMPLE
CVSS 10.0
CVE-2024-1512 CRITICAL
MasterStudy LMS WordPress Plugin < 3.2.5 - Unauthenticated Union-Based SQL Injection via User Parameter
CVSS 9.8
CVE-2024-0610 CRITICAL
Piraeus Bank WooCommerce Payment Gateway <1.6.5.1 - SQL Injection
CVSS 9.8
CVE-2024-25320 CRITICAL
Tongda OA 2017-11.9 - SQL Injection via $AFF_ID Parameter
CVSS 9.8
CVE-2024-21775 HIGH
ManageEngine Exchange Reporter Plus <= 5714 - Authenticated SQL Injection in Report Exporting Feature
CVSS 8.3
CVE-2024-1530 MEDIUM
ECshop 4.1.8 - SQL Injection in /admin/view_sendlist.php
CVSS 6.3
CVE-2024-24256 MEDIUM
Yonyou < 9.0 - SQL Injection via gwbhAIM Parameter in saveMove.jsp
CVSS 5.9
CVE-2024-26264 CRITICAL
EBM Technologies RISWEB 1.0-3.0 - Unauthenticated SQL Injection via Query Function Parameter
CVSS 9.8
CVE-2024-26262 HIGH
EBM Technologies Uniweb/SoliPACS WebServer < 12.1.2504 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-1523 HIGH
e-web FS-EZViewer < 10.6.0.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-23603 LOW
F5 BIG-IP Application Security Manager and Advanced Web Application Firewall - SQL Injection
CVSS 3.8
CVE-2024-25223 CRITICAL
Simple Admin Panel App v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25222 CRITICAL
Task Manager App v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25220 CRITICAL
Task Manager App v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25217 CRITICAL
Online Medicine Ordering System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25216 CRITICAL
Employee Managment System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25215 CRITICAL
Employee Managment System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25214 CRITICAL
Employee Managment System v1.0 - Auth Bypass
CVSS 9.8
CVE-2024-25213 HIGH
Employee Managment System v1.0 - SQL Injection
CVSS 7.2
CVE-2024-25212 HIGH
Employee Managment System v1.0 - SQL Injection
CVSS 7.2
CVE-2024-25211 CRITICAL
Simple Expense Tracker v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25210 CRITICAL
Simple Expense Tracker v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25209 CRITICAL
Barangay Population Monitoring System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-24142 CRITICAL
Sourcecodester School Task Manager 1.0 - SQL Injection via Subject Parameter
CVSS 9.8
CVE-2024-22923 CRITICAL
adv_radius 2.2.5 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,720
Exploit Likelihood High