CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,723 vulnerabilities with CWE-89
CVE-2024-0288 MEDIUM
Kashipara Food Management System 1.0 - SQL Injection via rawstock_used_damaged_submit.php product_name Parameter
CVSS 6.3
CVE-2024-0287 MEDIUM
Kashipara Food Management System 1.0 - SQL Injection via itemBillPdf.php printid Parameter
CVSS 6.3
CVE-2024-0281 MEDIUM
Kashipara Food Management System <= 1.0 - SQL Injection via loginCheck.php Password Parameter
CVSS 6.3
CVE-2024-0280 MEDIUM
Kashipara Food Management System < 1.0 - SQL Injection via item_type_submit.php type_name Parameter
CVSS 6.3
CVE-2024-0279 MEDIUM
Kashipara Food Management System < 1.0 - SQL Injection via item_list_edit.php id Parameter
CVSS 6.3
CVE-2024-0278 MEDIUM
Kashipara Food Management System <= 1.0 - SQL Injection via partylist_edit_submit.php id Parameter
CVSS 6.3
CVE-2024-0277 MEDIUM
Kashipara Food Management System < 1.0 - SQL Injection via party_name Parameter
CVSS 6.3
CVE-2024-0276 MEDIUM
Kashipara Food Management System < 1.0 - SQL Injection via rawstock_used_damaged_smt.php product_name Parameter
CVSS 6.3
CVE-2024-0275 MEDIUM
Kashipara Food Management System <= 1.0 - SQL Injection via item_edit_submit.php id Parameter
CVSS 6.3
CVE-2024-0274 MEDIUM
Kashipara Food Management System < 1.0 - SQL Injection via billAjax.php item_name Parameter
CVSS 6.3
CVE-2024-0273 MEDIUM
Kashipara Food Management System <= 1.0 - SQL Injection via addwaste_entry.php item_name Parameter
CVSS 6.3
CVE-2024-0272 MEDIUM
Kashipara Food Management System <= 1.0 - SQL Injection via addmaterialsubmit.php material_name Parameter
CVSS 6.3
CVE-2024-0271 MEDIUM
Kashipara Food Management System <= 1.0 - SQL Injection via addmaterial_edit.php id Parameter
CVSS 6.3
CVE-2024-0270 MEDIUM
Kashipara Food Management System < 1.0 - SQL Injection via item_name Parameter in item_list_submit.php
CVSS 6.3
CVE-2024-0268 HIGH
Kashipara Hospital Management System <= 1.0 - SQL Injection via registration.php Parameters
CVSS 7.3
CVE-2024-0267 HIGH
Hospital Management System < 1.0 - SQL Injection via login.php Email/Password Parameters
CVSS 7.3
CVE-2024-0247 HIGH
CodeAstro Online Food Ordering System 1.0 - SQL Injection via Admin Panel Username Parameter
CVSS 7.3
CVE-2024-0182 HIGH
Engineers Online Portal 1.0 - SQL Injection via Admin Login Username/Password Parameter
CVSS 7.3
CVE-2023-46453 CRITICAL
GL.iNet 4.x - Authentication Bypass via SQL Injection
CVSS 9.8
CVE-2023-54359 HIGH
WordPress adivaha Travel Plugin 2.3 SQL Injection via pid
CVSS 8.2
CVE-2023-7337 HIGH
JS Help Desk < 2.8.2 - Unauthenticated SQL Injection via Cookie
CVSS 7.5
CVE-2023-54340 HIGH
WorkOrder CMS 0.1.0 - SQL Injection
CVSS 8.2
CVE-2023-54333 HIGH
Social-Share-Buttons 2.2.3 - SQL Injection
CVSS 8.2
CVE-2023-7333 MEDIUM
records-mover < 1.6.0 - SQL Injection in Table Object Handler
CVSS 5.3
CVE-2023-7331 MEDIUM
PKrystian Full-Stack-Bank <bf73a0179e3ff07c0d7dc35297cea0be0e5b1317...
CVSS 4.7
Details
Vulnerabilities 19,723
Exploit Likelihood High