CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,723 vulnerabilities with CWE-89
CVE-2023-52335 HIGH
Advantech iView < 5.7.04.6752 - Unauthenticated SQL Injection via ConfigurationServlet
CVSS 7.5
CVE-2023-29119 CRITICAL
Waybox Pro Firmware < 2.1.1.0_jb3vu096a - SQL Injection via /admin/dbstore.php
CVSS 9.6
CVE-2023-29118 CRITICAL
Waybox Pro Firmware < 2.1.1.0_jb3vu096a - SQL Injection via /admin/versions.php
CVSS 9.6
CVE-2023-50360 HIGH
QNAP Video Station 5.0.0-5.8.1 - Authenticated SQL Injection via Network
CVSS 8.8
CVE-2023-3419 HIGH
tagDiv Opt-In Builder <1.4.4 - Blind SQL Injection
CVSS 7.2
CVE-2023-3416 HIGH
TagDiv Opt-In Builder <1.4.4 - SQL Injection
CVSS 7.2
CVE-2023-41884 HIGH
ZoneMinder < 1.36.34 - SQL Injection via WWW/AJAX/watch.php Parameter
CVSS 7.1
CVE-2023-5000 HIGH
WordPress Horizontal Scrolling Announcements <2.4 - SQL Injection
CVSS 8.8
CVE-2023-52290 HIGH
Apache StreamPark 2.0.0-2.1.3 - Authenticated SQL Injection via Sort Field
CVSS 8.1
CVE-2023-23775 MEDIUM
FortiSOAR 7.0.0-7.2.0 - Authenticated SQL Injection via Crafted String Parameters
CVSS 6.5
CVE-2023-46807 MEDIUM
Ivanti Endpoint Manager Mobile < 12.1.0.0 - Authenticated SQL Injection
CVSS 6.7
CVE-2023-46806 MEDIUM
Ivanti Endpoint Manager Mobile < 12.1.0.0 - Authenticated SQL Injection
CVSS 6.7
CVE-2023-51637 CRITICAL
Sante PACS Server < 3.3.7 - Unauthenticated SQL Injection and Remote Code Execution via DICOM Patient Query
CVSS 9.8
CVE-2023-3942 HIGH
ZkTeco-based OEM devices - SQL Injection
CVSS 7.5
CVE-2023-3938 MEDIUM
ZkTeco-based OEM devices - SQL Injection
CVSS 4.6
CVE-2023-49335 HIGH
Zoho ManageEngine ADAudit Plus <7271 - SQL Injection
CVSS 8.3
CVE-2023-49334 HIGH
Zoho ManageEngine ADAudit Plus <7271 - SQL Injection
CVSS 8.3
CVE-2023-49333 HIGH
Zoho ManageEngine ADAudit Plus <7271 - SQL Injection
CVSS 8.3
CVE-2023-49332 HIGH
Zoho ManageEngine ADAudit Plus <7271 - SQL Injection
CVSS 8.3
CVE-2023-49331 HIGH
Zoho ManageEngine ADAudit Plus <7271 - SQL Injection
CVSS 8.3
CVE-2023-49330 HIGH
Zoho ManageEngine ADAudit Plus <7271 - SQL Injection
CVSS 8.3
CVE-2023-24204 MEDIUM
SourceCodester Simple CRM 1.0 - SQL Injection via name Parameter
CVSS 5.4
CVE-2023-50718 MEDIUM
NocoDB < 0.202.10 - Authenticated SQL Injection via Unescaped table_name
CVSS 6.5
CVE-2023-29881 MEDIUM
phpok 6.4.003 - SQL Injection in index_f() Function
CVSS 6.5
CVE-2023-38724 MEDIUM
IBM Cognos Controller <11.0.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities 19,723
Exploit Likelihood High