CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,723 vulnerabilities with CWE-89
CVE-2024-0464 MEDIUM
code-projects Online Faculty Clearance 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0463 MEDIUM
code-projects Online Faculty Clearance 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0462 MEDIUM
Online Faculty Clearance 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0461 MEDIUM
code-projects Online Faculty Clearance 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0460 MEDIUM
Faculty Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0459 MEDIUM
Blood Bank & Donor Management 5.6 - SQL Injection
CVSS 4.7
CVE-2024-0426 MEDIUM
ForU CMS < 2020-06-23 - SQL Injection via t_name/t_path Parameters
CVSS 6.3
CVE-2024-22196 HIGH
Nginx-UI < 2.0.0.beta.9 - SQL Injection via Order and Sort By Query Parameters
CVSS 7.0
CVE-2024-0389 MEDIUM
SourceCodester Student Attendance System 1.0 - SQL Injection via attendance_report.php class_id Parameter
CVSS 6.3
CVE-2024-0364 MEDIUM
PHPGurukul Hospital Management System 1.0 - SQL Injection via adminremark Parameter
CVSS 5.5
CVE-2024-0363 MEDIUM
PHPGurukul Hospital Management System 1.0 - SQL Injection via admin/patient-search.php searchdata Parameter
CVSS 5.5
CVE-2024-0362 MEDIUM
PHPGurukul Hospital Management System 1.0 - SQL Injection via admin/change-password.php cpass Parameter
CVSS 5.5
CVE-2024-0361 MEDIUM
PHPGurukul Hospital Management System 1.0 - SQL Injection via admin/contact.php mobnum Parameter
CVSS 5.5
CVE-2024-0360 MEDIUM
PHPGurukul Hospital Management System 1.0 - SQL Injection via doctorspecilization Parameter
CVSS 5.5
CVE-2024-0359 HIGH
Simple Online Hotel Reservation System 1.0 - SQL Injection via login.php Username/Password Parameters
CVSS 7.3
CVE-2024-0357 MEDIUM
coderd-repos Eva 1.0.0 - SQL Injection via /system/traceLog/page Property Parameter
CVSS 5.5
CVE-2024-0355 MEDIUM
PHPGurukul Dairy Farm Shop Management System <= 1.1 - SQL Injection via add-category.php Category Parameter
CVSS 5.5
CVE-2024-0344 MEDIUM
soxft TimeMail < 1.1 - SQL Injection via check.php c Argument
CVSS 5.5
CVE-2024-0342 MEDIUM
inis_project/inis < 2.0.1 - SQL Injection via Sqlite.php sql Argument
CVSS 6.3
CVE-2024-21747 HIGH
weDevs WP ERP < 1.12.8 - SQL Injection
CVSS 7.6
CVE-2024-0307 HIGH
Dynamic Lab Management System <= 1.0 - SQL Injection via login_process.php Password Parameter
CVSS 7.3
CVE-2024-0306 HIGH
Dynamic Lab Management System < 1.0 - SQL Injection via admin_password Parameter
CVSS 7.3
CVE-2024-0301 MEDIUM
fhs-opensource iparking 1.5.22.RELEASE - SQL Injection in PayTempOrderAction getData Function
CVSS 6.3
CVE-2024-0290 MEDIUM
Kashipara Food Management System 1.0 - SQL Injection via stock_edit.php item_type Parameter
CVSS 6.3
CVE-2024-0289 MEDIUM
Kashipara Food Management System 1.0 - SQL Injection via stock_entry_submit.php itemype Parameter
CVSS 6.3
Details
Vulnerabilities 19,723
Exploit Likelihood High