CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,720 vulnerabilities with CWE-89
CVE-2024-0685 MEDIUM
Ninja Forms Contact Form - Second Order SQL Injection
CVSS 5.9
CVE-2024-24572 MEDIUM
facileManager <4.5.0 - Privilege Escalation
CVSS 6.5
CVE-2024-23507 HIGH
InstaWP Connect <= 0.1.0.9 - SQL Injection
CVSS 8.5
CVE-2024-1012 MEDIUM
Wanhu ezOFFICE 11.1.0 - SQL Injection via wf_printnum.jsp recordId Parameter
CVSS 6.3
CVE-2024-1061 HIGH
HTML5 Video Player < 2.5.25 - Unauthenticated SQL Injection via 'id' Parameter
CVSS 8.6
CVE-2024-24141 CRITICAL
Sourcecodester School Task Manager App 1.0 - SQL Injection via Task Parameter
CVSS 9.8
CVE-2024-24140 HIGH
Daily Habit Tracker App 1.0 - SQL Injection via Tracker Parameter
CVSS 7.2
CVE-2024-24139 HIGH
Login System with Email Verification 1.0 - SQL Injection via User Parameter
CVSS 7.2
CVE-2024-1009 HIGH
SourceCodester Employee Management System 1.0 - SQL Injection via txtusername Parameter
CVSS 7.3
CVE-2024-1007 MEDIUM
SourceCodester Employee Management System 1.0 - SQL Injection via edit_profile.php txtfullname Parameter
CVSS 6.3
CVE-2024-22283 HIGH
Delhivery Logistics Courier <1.0.107 - SQL Injection
CVSS 8.5
CVE-2024-22147 HIGH
WP Overnight PDF Invoices & Packing Slips <3.7.5 - SQL Injection
CVSS 7.6
CVE-2024-0941 MEDIUM
Novel-Plus 4.3.0-RC1 - SQL Injection
CVSS 5.5
CVE-2024-0938 MEDIUM
Tongda OA 11.0-11.9 - SQL Injection via WEBBODY_ID_STR Parameter
CVSS 5.5
CVE-2024-0890 MEDIUM
hongmaple octopus 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0884 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via payment.php id Parameter
CVSS 4.7
CVE-2024-0883 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/pay.php id Parameter
CVSS 6.3
CVE-2024-23646 HIGH
Pimcore Admin Classic Bundle 1.0.0-1.3.1 - Authenticated SQL Injection via selectedIds Parameter
CVSS 8.8
CVE-2024-0784 MEDIUM
hongmaple octopus 1.0 - SQL Injection
CVSS 6.3
CVE-2024-23751 CRITICAL
LlamaIndex < 0.9.34 - SQL Injection via Text-to-SQL Feature
CVSS 9.8
CVE-2024-0735 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection in admin/operations/expense.php
CVSS 6.3
CVE-2024-0734 MEDIUM
smsot < 2.12 - SQL Injection via /get.php tid Parameter
CVSS 6.3
CVE-2024-0733 MEDIUM
Smsot < 2.12 - SQL Injection via data[sign] Parameter
CVSS 6.3
CVE-2024-0730 MEDIUM
Project Worlds Online Time Table Generator 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0729 MEDIUM
ForU CMS <2020-06-23 - SQL Injection
CVSS 5.5
Details
Vulnerabilities 19,720
Exploit Likelihood High