CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,723 vulnerabilities with CWE-89
CVE-2023-41520
HIGH
Student Attendance Management System v1 - SQL Injection
CVSS 8.8
CVE-2023-40992
MEDIUM
Hospital Management System 4 - SQL Injection
CVSS 6.5
CVE-2023-45256
MEDIUM
Multiple SQL Injection - SQL Injection
CVSS 5.4
CVE-2023-26003
HIGH
VIPUL JARIWALA WP POST CORRECTOR <1.0.2 - SQL Injection
CVSS 7.6
CVE-2023-2921
HIGH
Short URL WordPress Plugin < 1.6.8 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-6030
MEDIUM
LogDash Activity Log WP <1.1.4 - SQL Injection
CVSS 5.4
CVE-2023-49641
CRITICAL
Billing Software v1.0 - SQL Injection
CVSS 9.8
CVE-2023-33770
MEDIUM
Real Estate Management System v1.0 - SQL Injection
CVSS 5.1
CVE-2023-44755
CRITICAL
mayurik sacco_management_system 1.0 - SQL Injection via Password Parameter
CVSS 9.8
CVE-2023-50316
MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.5 and 6.2.0.0-6.2.0.1 - SQL Injection
CVSS 6.3
CVE-2023-37777
CRITICAL
Synnefo Internet Management Software <= 2023 - SQL Injection via API Endpoint Parameter
CVSS 9.8
CVE-2023-27113
CRITICAL
pearProjectApi v2.8.10 - SQL Injection
CVSS 9.8
CVE-2023-27112
CRITICAL
pearProjectApi <2.8.10 - SQL Injection
CVSS 9.8
CVE-2023-37931
HIGH
FortiVoice 6.0.0-6.4.7 and 7.0.0-7.0.1 - Authenticated Blind SQL Injection via HTTP/HTTPS Requests
CVSS 8.8
CVE-2023-42244
HIGH
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /vam/vam_visits.php POST Parameters
CVSS 8.8
CVE-2023-42243
MEDIUM
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via Administrative Page
CVSS 5.4
CVE-2023-42242
LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via GET Parameter
CVSS 3.8
CVE-2023-42241
LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via vam_anagraphic.php POST Parameters
CVSS 3.8
CVE-2023-42240
LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /monitor/s_scheduledfile.php POST Parameters
CVSS 3.8
CVE-2023-42239
LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /vam/vam_ep.php POST Parameters
CVSS 3.8
CVE-2023-42238
LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /vam/vam_eps.php POST Parameters
CVSS 3.8
CVE-2023-42237
LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via vam_i_command.php GET Parameters
CVSS 3.8
CVE-2023-42236
LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via GET Parameter
CVSS 3.8
CVE-2023-42235
LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /monitor/s_normalizedtrans.php Parameters
CVSS 3.8
CVE-2023-7299
MEDIUM
DataGear < 4.7.0 - SQL Injection via /dataSet/resolveSql sql Parameter
CVSS 6.3
Details
Vulnerabilities
19,723
Exploit Likelihood
High