CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,720 vulnerabilities with CWE-89
CVE-2024-0705
CRITICAL
Stripe Payment Plugin <3.7.9 - SQL Injection
CVSS 9.8
CVE-2024-0655
MEDIUM
Novel-Plus 4.3.0-RC1 - SQL Injection
CVSS 5.5
CVE-2024-0651
MEDIUM
PHPGurukul Company Visitor Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0405
HIGH
Burst Statistics < 1.5.3 - Authenticated SQL Injection via JSON Parameters in Data Compare Endpoint
CVSS 7.2
CVE-2024-22406
CRITICAL
Shopware < 6.5.7.4 - SQL Injection via Aggregations Name Field
CVSS 9.3
CVE-2024-22628
HIGH
Budget and Expense Tracker System v1.0 - SQL Injection
CVSS 7.2
CVE-2024-22627
HIGH
Complete Supplier Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2024-22626
HIGH
Complete Supplier Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2024-22625
HIGH
Complete Supplier Management System v1.0 - SQL Injection
CVSS 7.2
CVE-2024-0558
MEDIUM
DedeBIZ 6.3.0 - SQL Injection via startid Parameter in makehtml_freelist_action.php
CVSS 4.7
CVE-2024-0543
MEDIUM
CodeAstro Real Estate Management System <1.0 - SQL Injection
CVSS 6.3
CVE-2024-0530
MEDIUM
CXBSoft Post-Office <1.0 - SQL Injection
CVSS 5.5
CVE-2024-0529
MEDIUM
CXBSoft Post-Office <1.0 - SQL Injection
CVSS 5.5
CVE-2024-0528
MEDIUM
CXBSoft Post-Office 1.0 - SQL Injection
CVSS 5.5
CVE-2024-0527
MEDIUM
CXBSoft Url-Shorting <1.3.1 - SQL Injection
CVSS 6.3
CVE-2024-0526
MEDIUM
CXBSoft Url-Shorting <1.3.1 - SQL Injection
CVSS 5.5
CVE-2024-0525
MEDIUM
CXBSoft Url-shorting <1.3.1 - SQL Injection
CVSS 5.5
CVE-2024-0524
MEDIUM
CXBSoft Url-Shorting <1.3.1 - SQL Injection
CVSS 5.5
CVE-2024-0523
MEDIUM
CmsEasy < 7.7.7.0 - SQL Injection via getslide_child_action sid Parameter
CVSS 6.3
CVE-2024-0502
MEDIUM
SourceCodester House Rental Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2024-0498
MEDIUM
Project Worlds Lawyer Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0497
MEDIUM
Campcodes Student Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0496
MEDIUM
Kashipara Billing Software 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0495
MEDIUM
Kashipara Billing Software 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0494
MEDIUM
Kashipara Billing Software 1.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities
19,720
Exploit Likelihood
High