CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,720 vulnerabilities with CWE-89
CVE-2024-1597
CRITICAL
PostgreSQL JDBC Driver < 42.2.28 - SQL Injection via PreferQueryMode=SIMPLE
CVSS 10.0
CVE-2024-1512
CRITICAL
MasterStudy LMS WordPress Plugin < 3.2.5 - Unauthenticated Union-Based SQL Injection via User Parameter
CVSS 9.8
CVE-2024-0610
CRITICAL
Piraeus Bank WooCommerce Payment Gateway <1.6.5.1 - SQL Injection
CVSS 9.8
CVE-2024-25320
CRITICAL
Tongda OA 2017-11.9 - SQL Injection via $AFF_ID Parameter
CVSS 9.8
CVE-2024-21775
HIGH
ManageEngine Exchange Reporter Plus <= 5714 - Authenticated SQL Injection in Report Exporting Feature
CVSS 8.3
CVE-2024-1530
MEDIUM
ECshop 4.1.8 - SQL Injection in /admin/view_sendlist.php
CVSS 6.3
CVE-2024-24256
MEDIUM
Yonyou < 9.0 - SQL Injection via gwbhAIM Parameter in saveMove.jsp
CVSS 5.9
CVE-2024-26264
CRITICAL
EBM Technologies RISWEB 1.0-3.0 - Unauthenticated SQL Injection via Query Function Parameter
CVSS 9.8
CVE-2024-26262
HIGH
EBM Technologies Uniweb/SoliPACS WebServer < 12.1.2504 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-1523
HIGH
e-web FS-EZViewer < 10.6.0.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2024-23603
LOW
F5 BIG-IP Application Security Manager and Advanced Web Application Firewall - SQL Injection
CVSS 3.8
CVE-2024-25223
CRITICAL
Simple Admin Panel App v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25222
CRITICAL
Task Manager App v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25220
CRITICAL
Task Manager App v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25217
CRITICAL
Online Medicine Ordering System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25216
CRITICAL
Employee Managment System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25215
CRITICAL
Employee Managment System v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25214
CRITICAL
Employee Managment System v1.0 - Auth Bypass
CVSS 9.8
CVE-2024-25213
HIGH
Employee Managment System v1.0 - SQL Injection
CVSS 7.2
CVE-2024-25212
HIGH
Employee Managment System v1.0 - SQL Injection
CVSS 7.2
CVE-2024-25211
CRITICAL
Simple Expense Tracker v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25210
CRITICAL
Simple Expense Tracker v1.0 - SQL Injection
CVSS 9.8
CVE-2024-25209
CRITICAL
Barangay Population Monitoring System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-24142
CRITICAL
Sourcecodester School Task Manager 1.0 - SQL Injection via Subject Parameter
CVSS 9.8
CVE-2024-22923
CRITICAL
adv_radius 2.2.5 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,720
Exploit Likelihood
High