CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,720 vulnerabilities with CWE-89
CVE-2024-24014 CRITICAL
Novel-Plus < 4.2.0 - SQL Injection via Author List Parameters
CVSS 9.8
CVE-2024-24003 CRITICAL
jshERP v3.3 - SQL Injection via DepotHeadController Column and Order Parameters
CVSS 9.8
CVE-2024-24023 CRITICAL
novel-plus < 4.2.0 - SQL Injection via Book Content List Parameters
CVSS 9.8
CVE-2024-24018 CRITICAL
Novel-Plus < 4.2.0 - SQL Injection via /system/dataPerm/list Parameters
CVSS 9.8
CVE-2024-24811 CRITICAL
Products.SQLAlchemyDA < 2.2 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2024-24133 CRITICAL
Atmail 6.6.0 - SQL Injection via Login Username Parameter
CVSS 9.8
CVE-2024-1118 HIGH
Podlove Subscribe button plugin <1.3.10 - SQL Injection
CVSS 8.8
CVE-2024-24303 CRITICAL
HiPresta Gift Wrapping Pro < 1.4.1 - SQL Injection via addGiftWrappingCartValue Method
CVSS 9.8
CVE-2024-24019 CRITICAL
novel-plus < 4.2.0 - SQL Injection via Role Data Perm List Parameters
CVSS 9.8
CVE-2024-24004 CRITICAL
jshERP 3.3 - SQL Injection via DepotHeadController Column and Order Parameters
CVSS 9.8
CVE-2024-24002 CRITICAL
jshERP 3.3 - SQL Injection via MaterialController Column and Order Parameters
CVSS 9.8
CVE-2024-24001 CRITICAL
jshERP 3.3 - SQL Injection via DepotHeadController findallocationDetail Function
CVSS 9.8
CVE-2024-0971 MEDIUM
Nessus < 10.7.0 - Authenticated SQL Injection
CVSS 6.5
CVE-2024-1254 MEDIUM
Byzoro Smart S20 Firmware < 2023-11-20 - SQL Injection via /sysmanage/sysmanageajax.php id Parameter
CVSS 4.7
CVE-2024-1252 MEDIUM
Tongda OA < 11.10 - SQL Injection via ASK_DUTY_ID Parameter in ask_duty/delete.php
CVSS 5.5
CVE-2024-24015 CRITICAL
novel-plus < 4.2.0 - SQL Injection via /sys/user/exit Parameters
CVSS 9.8
CVE-2024-24013 CRITICAL
novel-plus < 4.2.0 - SQL Injection via /novel/pay/list Parameters
CVSS 9.8
CVE-2024-1251 MEDIUM
Tongda OA 2017-11.10 - SQL Injection via DELETE_STR Parameter in /general/email/outbox/delete.php
CVSS 5.5
CVE-2024-24112 CRITICAL
Exrick XMall - SQL Injection
CVSS 9.8
CVE-2024-0709 CRITICAL
Cryptocurrency Widgets - Price Ticker & Coins List 2.0-2.6.5 - Unauthenticated SQL Injection via coinslist Parameter
CVSS 9.8
CVE-2024-1197 HIGH
SourceCodester Testimonial Page Manager 1.0 - SQL Injection via Testimony Argument in delete-testimonial.php
CVSS 7.3
CVE-2024-24029 CRITICAL
JFinalCMS 5.0.0 - SQL Injection via /admin/content/data
CVSS 9.8
CVE-2024-22108 CRITICAL
GTB Central Console 15.17.1-30814.NG - SQL Injection
CVSS 9.8
CVE-2024-0269 HIGH
ManageEngine ADAudit Plus <= 7270 - Authenticated SQL Injection in File-Summary DrillDown
CVSS 8.3
CVE-2024-0253 HIGH
ManageEngine ADAudit Plus <= 7270 - Authenticated SQL Injection in Home Graph-Data
CVSS 8.3
Details
Vulnerabilities 19,720
Exploit Likelihood High