CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,720 vulnerabilities with CWE-89
CVE-2024-23810 HIGH
SINEC NMS < 2.0 SP1 - Unauthenticated SQL Injection
CVSS 8.8
CVE-2024-23763 CRITICAL
Gambio <= 4.9.2.0 - SQL Injection via modifiers[attribute][] Parameter
CVSS 9.8
CVE-2024-22221 MEDIUM
Dell Unity Operating Environment < 5.4.0.0.5.094 - Authenticated SQL Injection
CVSS 4.5
CVE-2024-0566 HIGH
Smart Manager WP <8.28.0 - SQL Injection
CVSS 7.2
CVE-2024-25722 CRITICAL
QAnything < 1.2.0 - SQL Injection via MySQL Client
CVSS 9.8
CVE-2024-0594 HIGH
Awesome Support - WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated SQL Injection via 'q' Parameter
CVSS 8.8
CVE-2024-25318 HIGH
Code-projects Hotel Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-25316 CRITICAL
Code-projects Hotel Managment System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-25315 CRITICAL
Code-projects Hotel Managment System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-25314 CRITICAL
Code-projects Hotel Managment System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-25310 HIGH
Code-projects Simple School Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-25307 CRITICAL
Code-projects Cinema Seat Reservation System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-25302 CRITICAL
Sourcecodester Event Student Attendance System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-25312 HIGH
Code-projects Simple School Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-25309 HIGH
Code-projects Simple School Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-25308 HIGH
Code-projects Simple School Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-25306 HIGH
Code-projects Simple School Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-25305 HIGH
Code-projects Simple School Managment System 1.0 - Auth Bypass
CVSS 8.8
CVE-2024-25304 HIGH
Code-projects Simple School Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-24308 CRITICAL
boostmyshop < 1.1.10 - SQL Injection via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php
CVSS 9.8
CVE-2024-24495 CRITICAL
Daily Habit Tracker 1.0 - SQL Injection
CVSS 9.8
CVE-2024-24213 CRITICAL
Supabase PostgreSQL v15.1 - SQL Injection via /pg_meta/default/query
CVSS 9.8
CVE-2024-1207 CRITICAL
WP Booking Calendar <= 9.9 - Unauthenticated SQL Injection via calendar_request_params[dates_ddmmyy_csv]
CVSS 9.8
CVE-2024-24021 CRITICAL
novel-plus < 4.2.0 - SQL Injection via /novel/userFeedback/list Parameters
CVSS 9.8
CVE-2024-24017 CRITICAL
novel-plus < 4.2.0 - SQL Injection via /common/dict/list Parameters
CVSS 9.8
Details
Vulnerabilities 19,720
Exploit Likelihood High