CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,720 vulnerabilities with CWE-89
CVE-2024-23810
HIGH
SINEC NMS < 2.0 SP1 - Unauthenticated SQL Injection
CVSS 8.8
CVE-2024-23763
CRITICAL
Gambio <= 4.9.2.0 - SQL Injection via modifiers[attribute][] Parameter
CVSS 9.8
CVE-2024-22221
MEDIUM
Dell Unity Operating Environment < 5.4.0.0.5.094 - Authenticated SQL Injection
CVSS 4.5
CVE-2024-0566
HIGH
Smart Manager WP <8.28.0 - SQL Injection
CVSS 7.2
CVE-2024-25722
CRITICAL
QAnything < 1.2.0 - SQL Injection via MySQL Client
CVSS 9.8
CVE-2024-0594
HIGH
Awesome Support - WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated SQL Injection via 'q' Parameter
CVSS 8.8
CVE-2024-25318
HIGH
Code-projects Hotel Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-25316
CRITICAL
Code-projects Hotel Managment System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-25315
CRITICAL
Code-projects Hotel Managment System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-25314
CRITICAL
Code-projects Hotel Managment System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-25310
HIGH
Code-projects Simple School Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-25307
CRITICAL
Code-projects Cinema Seat Reservation System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-25302
CRITICAL
Sourcecodester Event Student Attendance System 1.0 - SQL Injection
CVSS 9.8
CVE-2024-25312
HIGH
Code-projects Simple School Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-25309
HIGH
Code-projects Simple School Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-25308
HIGH
Code-projects Simple School Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-25306
HIGH
Code-projects Simple School Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-25305
HIGH
Code-projects Simple School Managment System 1.0 - Auth Bypass
CVSS 8.8
CVE-2024-25304
HIGH
Code-projects Simple School Managment System 1.0 - SQL Injection
CVSS 8.8
CVE-2024-24308
CRITICAL
boostmyshop < 1.1.10 - SQL Injection via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php
CVSS 9.8
CVE-2024-24495
CRITICAL
Daily Habit Tracker 1.0 - SQL Injection
CVSS 9.8
CVE-2024-24213
CRITICAL
Supabase PostgreSQL v15.1 - SQL Injection via /pg_meta/default/query
CVSS 9.8
CVE-2024-1207
CRITICAL
WP Booking Calendar <= 9.9 - Unauthenticated SQL Injection via calendar_request_params[dates_ddmmyy_csv]
CVSS 9.8
CVE-2024-24021
CRITICAL
novel-plus < 4.2.0 - SQL Injection via /novel/userFeedback/list Parameters
CVSS 9.8
CVE-2024-24017
CRITICAL
novel-plus < 4.2.0 - SQL Injection via /common/dict/list Parameters
CVSS 9.8
Details
Vulnerabilities
19,720
Exploit Likelihood
High