CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,723 vulnerabilities with CWE-89
CVE-2024-0464
MEDIUM
code-projects Online Faculty Clearance 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0463
MEDIUM
code-projects Online Faculty Clearance 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0462
MEDIUM
Online Faculty Clearance 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0461
MEDIUM
code-projects Online Faculty Clearance 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0460
MEDIUM
Faculty Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2024-0459
MEDIUM
Blood Bank & Donor Management 5.6 - SQL Injection
CVSS 4.7
CVE-2024-0426
MEDIUM
ForU CMS < 2020-06-23 - SQL Injection via t_name/t_path Parameters
CVSS 6.3
CVE-2024-22196
HIGH
Nginx-UI < 2.0.0.beta.9 - SQL Injection via Order and Sort By Query Parameters
CVSS 7.0
CVE-2024-0389
MEDIUM
SourceCodester Student Attendance System 1.0 - SQL Injection via attendance_report.php class_id Parameter
CVSS 6.3
CVE-2024-0364
MEDIUM
PHPGurukul Hospital Management System 1.0 - SQL Injection via adminremark Parameter
CVSS 5.5
CVE-2024-0363
MEDIUM
PHPGurukul Hospital Management System 1.0 - SQL Injection via admin/patient-search.php searchdata Parameter
CVSS 5.5
CVE-2024-0362
MEDIUM
PHPGurukul Hospital Management System 1.0 - SQL Injection via admin/change-password.php cpass Parameter
CVSS 5.5
CVE-2024-0361
MEDIUM
PHPGurukul Hospital Management System 1.0 - SQL Injection via admin/contact.php mobnum Parameter
CVSS 5.5
CVE-2024-0360
MEDIUM
PHPGurukul Hospital Management System 1.0 - SQL Injection via doctorspecilization Parameter
CVSS 5.5
CVE-2024-0359
HIGH
Simple Online Hotel Reservation System 1.0 - SQL Injection via login.php Username/Password Parameters
CVSS 7.3
CVE-2024-0357
MEDIUM
coderd-repos Eva 1.0.0 - SQL Injection via /system/traceLog/page Property Parameter
CVSS 5.5
CVE-2024-0355
MEDIUM
PHPGurukul Dairy Farm Shop Management System <= 1.1 - SQL Injection via add-category.php Category Parameter
CVSS 5.5
CVE-2024-0344
MEDIUM
soxft TimeMail < 1.1 - SQL Injection via check.php c Argument
CVSS 5.5
CVE-2024-0342
MEDIUM
inis_project/inis < 2.0.1 - SQL Injection via Sqlite.php sql Argument
CVSS 6.3
CVE-2024-21747
HIGH
weDevs WP ERP < 1.12.8 - SQL Injection
CVSS 7.6
CVE-2024-0307
HIGH
Dynamic Lab Management System <= 1.0 - SQL Injection via login_process.php Password Parameter
CVSS 7.3
CVE-2024-0306
HIGH
Dynamic Lab Management System < 1.0 - SQL Injection via admin_password Parameter
CVSS 7.3
CVE-2024-0301
MEDIUM
fhs-opensource iparking 1.5.22.RELEASE - SQL Injection in PayTempOrderAction getData Function
CVSS 6.3
CVE-2024-0290
MEDIUM
Kashipara Food Management System 1.0 - SQL Injection via stock_edit.php item_type Parameter
CVSS 6.3
CVE-2024-0289
MEDIUM
Kashipara Food Management System 1.0 - SQL Injection via stock_entry_submit.php itemype Parameter
CVSS 6.3
Details
Vulnerabilities
19,723
Exploit Likelihood
High