CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,720 vulnerabilities with CWE-89
CVE-2024-24014
CRITICAL
Novel-Plus < 4.2.0 - SQL Injection via Author List Parameters
CVSS 9.8
CVE-2024-24003
CRITICAL
jshERP v3.3 - SQL Injection via DepotHeadController Column and Order Parameters
CVSS 9.8
CVE-2024-24023
CRITICAL
novel-plus < 4.2.0 - SQL Injection via Book Content List Parameters
CVSS 9.8
CVE-2024-24018
CRITICAL
Novel-Plus < 4.2.0 - SQL Injection via /system/dataPerm/list Parameters
CVSS 9.8
CVE-2024-24811
CRITICAL
Products.SQLAlchemyDA < 2.2 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2024-24133
CRITICAL
Atmail 6.6.0 - SQL Injection via Login Username Parameter
CVSS 9.8
CVE-2024-1118
HIGH
Podlove Subscribe button plugin <1.3.10 - SQL Injection
CVSS 8.8
CVE-2024-24303
CRITICAL
HiPresta Gift Wrapping Pro < 1.4.1 - SQL Injection via addGiftWrappingCartValue Method
CVSS 9.8
CVE-2024-24019
CRITICAL
novel-plus < 4.2.0 - SQL Injection via Role Data Perm List Parameters
CVSS 9.8
CVE-2024-24004
CRITICAL
jshERP 3.3 - SQL Injection via DepotHeadController Column and Order Parameters
CVSS 9.8
CVE-2024-24002
CRITICAL
jshERP 3.3 - SQL Injection via MaterialController Column and Order Parameters
CVSS 9.8
CVE-2024-24001
CRITICAL
jshERP 3.3 - SQL Injection via DepotHeadController findallocationDetail Function
CVSS 9.8
CVE-2024-0971
MEDIUM
Nessus < 10.7.0 - Authenticated SQL Injection
CVSS 6.5
CVE-2024-1254
MEDIUM
Byzoro Smart S20 Firmware < 2023-11-20 - SQL Injection via /sysmanage/sysmanageajax.php id Parameter
CVSS 4.7
CVE-2024-1252
MEDIUM
Tongda OA < 11.10 - SQL Injection via ASK_DUTY_ID Parameter in ask_duty/delete.php
CVSS 5.5
CVE-2024-24015
CRITICAL
novel-plus < 4.2.0 - SQL Injection via /sys/user/exit Parameters
CVSS 9.8
CVE-2024-24013
CRITICAL
novel-plus < 4.2.0 - SQL Injection via /novel/pay/list Parameters
CVSS 9.8
CVE-2024-1251
MEDIUM
Tongda OA 2017-11.10 - SQL Injection via DELETE_STR Parameter in /general/email/outbox/delete.php
CVSS 5.5
CVE-2024-24112
CRITICAL
Exrick XMall - SQL Injection
CVSS 9.8
CVE-2024-0709
CRITICAL
Cryptocurrency Widgets - Price Ticker & Coins List 2.0-2.6.5 - Unauthenticated SQL Injection via coinslist Parameter
CVSS 9.8
CVE-2024-1197
HIGH
SourceCodester Testimonial Page Manager 1.0 - SQL Injection via Testimony Argument in delete-testimonial.php
CVSS 7.3
CVE-2024-24029
CRITICAL
JFinalCMS 5.0.0 - SQL Injection via /admin/content/data
CVSS 9.8
CVE-2024-22108
CRITICAL
GTB Central Console 15.17.1-30814.NG - SQL Injection
CVSS 9.8
CVE-2024-0269
HIGH
ManageEngine ADAudit Plus <= 7270 - Authenticated SQL Injection in File-Summary DrillDown
CVSS 8.3
CVE-2024-0253
HIGH
ManageEngine ADAudit Plus <= 7270 - Authenticated SQL Injection in Home Graph-Data
CVSS 8.3
Details
Vulnerabilities
19,720
Exploit Likelihood
High