CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,723 vulnerabilities with CWE-89
CVE-2023-41520 HIGH
Student Attendance Management System v1 - SQL Injection
CVSS 8.8
CVE-2023-40992 MEDIUM
Hospital Management System 4 - SQL Injection
CVSS 6.5
CVE-2023-45256 MEDIUM
Multiple SQL Injection - SQL Injection
CVSS 5.4
CVE-2023-26003 HIGH
VIPUL JARIWALA WP POST CORRECTOR <1.0.2 - SQL Injection
CVSS 7.6
CVE-2023-2921 HIGH
Short URL WordPress Plugin < 1.6.8 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-6030 MEDIUM
LogDash Activity Log WP <1.1.4 - SQL Injection
CVSS 5.4
CVE-2023-49641 CRITICAL
Billing Software v1.0 - SQL Injection
CVSS 9.8
CVE-2023-33770 MEDIUM
Real Estate Management System v1.0 - SQL Injection
CVSS 5.1
CVE-2023-44755 CRITICAL
mayurik sacco_management_system 1.0 - SQL Injection via Password Parameter
CVSS 9.8
CVE-2023-50316 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.5 and 6.2.0.0-6.2.0.1 - SQL Injection
CVSS 6.3
CVE-2023-37777 CRITICAL
Synnefo Internet Management Software <= 2023 - SQL Injection via API Endpoint Parameter
CVSS 9.8
CVE-2023-27113 CRITICAL
pearProjectApi v2.8.10 - SQL Injection
CVSS 9.8
CVE-2023-27112 CRITICAL
pearProjectApi <2.8.10 - SQL Injection
CVSS 9.8
CVE-2023-37931 HIGH
FortiVoice 6.0.0-6.4.7 and 7.0.0-7.0.1 - Authenticated Blind SQL Injection via HTTP/HTTPS Requests
CVSS 8.8
CVE-2023-42244 HIGH
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /vam/vam_visits.php POST Parameters
CVSS 8.8
CVE-2023-42243 MEDIUM
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via Administrative Page
CVSS 5.4
CVE-2023-42242 LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via GET Parameter
CVSS 3.8
CVE-2023-42241 LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via vam_anagraphic.php POST Parameters
CVSS 3.8
CVE-2023-42240 LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /monitor/s_scheduledfile.php POST Parameters
CVSS 3.8
CVE-2023-42239 LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /vam/vam_ep.php POST Parameters
CVSS 3.8
CVE-2023-42238 LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /vam/vam_eps.php POST Parameters
CVSS 3.8
CVE-2023-42237 LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via vam_i_command.php GET Parameters
CVSS 3.8
CVE-2023-42236 LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via GET Parameter
CVSS 3.8
CVE-2023-42235 LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /monitor/s_normalizedtrans.php Parameters
CVSS 3.8
CVE-2023-7299 MEDIUM
DataGear < 4.7.0 - SQL Injection via /dataSet/resolveSql sql Parameter
CVSS 6.3
Details
Vulnerabilities 19,723
Exploit Likelihood High