CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,720 vulnerabilities with CWE-89
CVE-2024-0705 CRITICAL
Stripe Payment Plugin <3.7.9 - SQL Injection
CVSS 9.8
CVE-2024-0655 MEDIUM
Novel-Plus 4.3.0-RC1 - SQL Injection
CVSS 5.5
CVE-2024-0651 MEDIUM
PHPGurukul Company Visitor Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0405 HIGH
Burst Statistics < 1.5.3 - Authenticated SQL Injection via JSON Parameters in Data Compare Endpoint
CVSS 7.2
CVE-2024-22406 CRITICAL
Shopware < 6.5.7.4 - SQL Injection via Aggregations Name Field
CVSS 9.3
CVE-2024-22628 HIGH
Budget and Expense Tracker System v1.0 - SQL Injection
CVSS 7.2
CVE-2024-22627 HIGH
Complete Supplier Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2024-22626 HIGH
Complete Supplier Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2024-22625 HIGH
Complete Supplier Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2024-0558 MEDIUM
DedeBIZ 6.3.0 - SQL Injection via startid Parameter in makehtml_freelist_action.php
CVSS 4.7
CVE-2024-0543 MEDIUM
CodeAstro Real Estate Management System <1.0 - SQL Injection
CVSS 6.3
CVE-2024-0530 MEDIUM
CXBSoft Post-Office <1.0 - SQL Injection
CVSS 5.5
CVE-2024-0529 MEDIUM
CXBSoft Post-Office <1.0 - SQL Injection
CVSS 5.5
CVE-2024-0528 MEDIUM
CXBSoft Post-Office 1.0 - SQL Injection
CVSS 5.5
CVE-2024-0527 MEDIUM
CXBSoft Url-Shorting <1.3.1 - SQL Injection
CVSS 6.3
CVE-2024-0526 MEDIUM
CXBSoft Url-Shorting <1.3.1 - SQL Injection
CVSS 5.5
CVE-2024-0525 MEDIUM
CXBSoft Url-shorting <1.3.1 - SQL Injection
CVSS 5.5
CVE-2024-0524 MEDIUM
CXBSoft Url-Shorting <1.3.1 - SQL Injection
CVSS 5.5
CVE-2024-0523 MEDIUM
CmsEasy < 7.7.7.0 - SQL Injection via getslide_child_action sid Parameter
CVSS 6.3
CVE-2024-0502 MEDIUM
SourceCodester House Rental Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-0498 MEDIUM
Project Worlds Lawyer Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0497 MEDIUM
Campcodes Student Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0496 MEDIUM
Kashipara Billing Software 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0495 MEDIUM
Kashipara Billing Software 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0494 MEDIUM
Kashipara Billing Software 1.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities 19,720
Exploit Likelihood High