CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,723 vulnerabilities with CWE-89
CVE-2024-0496 MEDIUM
Kashipara Billing Software 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0495 MEDIUM
Kashipara Billing Software 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0494 MEDIUM
Kashipara Billing Software 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0493 MEDIUM
Kashipara Billing Software 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0492 MEDIUM
Kashipara Billing Software 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0489 MEDIUM
Fighting Cock Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0488 MEDIUM
Fighting Cock Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0487 MEDIUM
Fighting Cock Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0486 MEDIUM
Fighting Cock Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0485 MEDIUM
Fighting Cock Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0484 MEDIUM
Fighting Cock Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0483 MEDIUM
Taokeyun < 1.0.5 - SQL Injection via Task.php cid Parameter
CVSS 6.3
CVE-2024-0482 MEDIUM
Taokeyun < 1.0.5 - SQL Injection via cid Parameter in Video.php
CVSS 6.3
CVE-2024-0481 MEDIUM
Taokeyun < 1.0.5 - SQL Injection via Goods.php keyword Parameter
CVSS 6.3
CVE-2024-0480 HIGH
Taokeyun < 1.0.5 - SQL Injection via cid Parameter in HTTP POST Request Handler
CVSS 7.3
CVE-2024-0479 HIGH
Taokeyun < 1.0.5 - SQL Injection via Username Parameter in Login Function
CVSS 7.3
CVE-2024-0478 MEDIUM
Fighting Cock Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0477 MEDIUM
Fighting Cock Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0475 MEDIUM
Dormitory Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0474 HIGH
Dormitory Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2024-0473 MEDIUM
Dormitory Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0471 MEDIUM
code-projects HRIS 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0470 MEDIUM
code-projects HRIS 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0469 MEDIUM
code-projects HRIS 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0466 MEDIUM
code-projects Employee Profile Management System 1.0 - SQL Injection
CVSS 5.5
Details
Vulnerabilities 19,723
Exploit Likelihood High