CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,723 vulnerabilities with CWE-89
CVE-2023-52335
HIGH
Advantech iView < 5.7.04.6752 - Unauthenticated SQL Injection via ConfigurationServlet
CVSS 7.5
CVE-2023-29119
CRITICAL
Waybox Pro Firmware < 2.1.1.0_jb3vu096a - SQL Injection via /admin/dbstore.php
CVSS 9.6
CVE-2023-29118
CRITICAL
Waybox Pro Firmware < 2.1.1.0_jb3vu096a - SQL Injection via /admin/versions.php
CVSS 9.6
CVE-2023-50360
HIGH
QNAP Video Station 5.0.0-5.8.1 - Authenticated SQL Injection via Network
CVSS 8.8
CVE-2023-3419
HIGH
tagDiv Opt-In Builder <1.4.4 - Blind SQL Injection
CVSS 7.2
CVE-2023-3416
HIGH
TagDiv Opt-In Builder <1.4.4 - SQL Injection
CVSS 7.2
CVE-2023-41884
HIGH
ZoneMinder < 1.36.34 - SQL Injection via WWW/AJAX/watch.php Parameter
CVSS 7.1
CVE-2023-5000
HIGH
WordPress Horizontal Scrolling Announcements <2.4 - SQL Injection
CVSS 8.8
CVE-2023-52290
HIGH
Apache StreamPark 2.0.0-2.1.3 - Authenticated SQL Injection via Sort Field
CVSS 8.1
CVE-2023-23775
MEDIUM
FortiSOAR 7.0.0-7.2.0 - Authenticated SQL Injection via Crafted String Parameters
CVSS 6.5
CVE-2023-46807
MEDIUM
Ivanti Endpoint Manager Mobile < 12.1.0.0 - Authenticated SQL Injection
CVSS 6.7
CVE-2023-46806
MEDIUM
Ivanti Endpoint Manager Mobile < 12.1.0.0 - Authenticated SQL Injection
CVSS 6.7
CVE-2023-51637
CRITICAL
Sante PACS Server < 3.3.7 - Unauthenticated SQL Injection and Remote Code Execution via DICOM Patient Query
CVSS 9.8
CVE-2023-3942
HIGH
ZkTeco-based OEM devices - SQL Injection
CVSS 7.5
CVE-2023-3938
MEDIUM
ZkTeco-based OEM devices - SQL Injection
CVSS 4.6
CVE-2023-49335
HIGH
Zoho ManageEngine ADAudit Plus <7271 - SQL Injection
CVSS 8.3
CVE-2023-49334
HIGH
Zoho ManageEngine ADAudit Plus <7271 - SQL Injection
CVSS 8.3
CVE-2023-49333
HIGH
Zoho ManageEngine ADAudit Plus <7271 - SQL Injection
CVSS 8.3
CVE-2023-49332
HIGH
Zoho ManageEngine ADAudit Plus <7271 - SQL Injection
CVSS 8.3
CVE-2023-49331
HIGH
Zoho ManageEngine ADAudit Plus <7271 - SQL Injection
CVSS 8.3
CVE-2023-49330
HIGH
Zoho ManageEngine ADAudit Plus <7271 - SQL Injection
CVSS 8.3
CVE-2023-24204
MEDIUM
SourceCodester Simple CRM 1.0 - SQL Injection via name Parameter
CVSS 5.4
CVE-2023-50718
MEDIUM
NocoDB < 0.202.10 - Authenticated SQL Injection via Unescaped table_name
CVSS 6.5
CVE-2023-29881
MEDIUM
phpok 6.4.003 - SQL Injection in index_f() Function
CVSS 6.5
CVE-2023-38724
MEDIUM
IBM Cognos Controller <11.0.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities
19,723
Exploit Likelihood
High