CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,723 vulnerabilities with CWE-89
CVE-2024-0288
MEDIUM
Kashipara Food Management System 1.0 - SQL Injection via rawstock_used_damaged_submit.php product_name Parameter
CVSS 6.3
CVE-2024-0287
MEDIUM
Kashipara Food Management System 1.0 - SQL Injection via itemBillPdf.php printid Parameter
CVSS 6.3
CVE-2024-0281
MEDIUM
Kashipara Food Management System <= 1.0 - SQL Injection via loginCheck.php Password Parameter
CVSS 6.3
CVE-2024-0280
MEDIUM
Kashipara Food Management System < 1.0 - SQL Injection via item_type_submit.php type_name Parameter
CVSS 6.3
CVE-2024-0279
MEDIUM
Kashipara Food Management System < 1.0 - SQL Injection via item_list_edit.php id Parameter
CVSS 6.3
CVE-2024-0278
MEDIUM
Kashipara Food Management System <= 1.0 - SQL Injection via partylist_edit_submit.php id Parameter
CVSS 6.3
CVE-2024-0277
MEDIUM
Kashipara Food Management System < 1.0 - SQL Injection via party_name Parameter
CVSS 6.3
CVE-2024-0276
MEDIUM
Kashipara Food Management System < 1.0 - SQL Injection via rawstock_used_damaged_smt.php product_name Parameter
CVSS 6.3
CVE-2024-0275
MEDIUM
Kashipara Food Management System <= 1.0 - SQL Injection via item_edit_submit.php id Parameter
CVSS 6.3
CVE-2024-0274
MEDIUM
Kashipara Food Management System < 1.0 - SQL Injection via billAjax.php item_name Parameter
CVSS 6.3
CVE-2024-0273
MEDIUM
Kashipara Food Management System <= 1.0 - SQL Injection via addwaste_entry.php item_name Parameter
CVSS 6.3
CVE-2024-0272
MEDIUM
Kashipara Food Management System <= 1.0 - SQL Injection via addmaterialsubmit.php material_name Parameter
CVSS 6.3
CVE-2024-0271
MEDIUM
Kashipara Food Management System <= 1.0 - SQL Injection via addmaterial_edit.php id Parameter
CVSS 6.3
CVE-2024-0270
MEDIUM
Kashipara Food Management System < 1.0 - SQL Injection via item_name Parameter in item_list_submit.php
CVSS 6.3
CVE-2024-0268
HIGH
Kashipara Hospital Management System <= 1.0 - SQL Injection via registration.php Parameters
CVSS 7.3
CVE-2024-0267
HIGH
Hospital Management System < 1.0 - SQL Injection via login.php Email/Password Parameters
CVSS 7.3
CVE-2024-0247
HIGH
CodeAstro Online Food Ordering System 1.0 - SQL Injection via Admin Panel Username Parameter
CVSS 7.3
CVE-2024-0182
HIGH
Engineers Online Portal 1.0 - SQL Injection via Admin Login Username/Password Parameter
CVSS 7.3
CVE-2023-46453
CRITICAL
GL.iNet 4.x - Authentication Bypass via SQL Injection
CVSS 9.8
CVE-2023-54359
HIGH
WordPress adivaha Travel Plugin 2.3 SQL Injection via pid
CVSS 8.2
CVE-2023-7337
HIGH
JS Help Desk < 2.8.2 - Unauthenticated SQL Injection via Cookie
CVSS 7.5
CVE-2023-54340
HIGH
WorkOrder CMS 0.1.0 - SQL Injection
CVSS 8.2
CVE-2023-54333
HIGH
Social-Share-Buttons 2.2.3 - SQL Injection
CVSS 8.2
CVE-2023-7333
MEDIUM
records-mover < 1.6.0 - SQL Injection in Table Object Handler
CVSS 5.3
CVE-2023-7331
MEDIUM
PKrystian Full-Stack-Bank <bf73a0179e3ff07c0d7dc35297cea0be0e5b1317...
CVSS 4.7
Details
Vulnerabilities
19,723
Exploit Likelihood
High