CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,728 vulnerabilities with CWE-89
CVE-2023-49330
HIGH
Zoho ManageEngine ADAudit Plus <7271 - SQL Injection
CVSS 8.3
CVE-2023-24204
MEDIUM
SourceCodester Simple CRM 1.0 - SQL Injection via name Parameter
CVSS 5.4
CVE-2023-50718
MEDIUM
NocoDB < 0.202.10 - Authenticated SQL Injection via Unescaped table_name
CVSS 6.5
CVE-2023-29881
MEDIUM
phpok 6.4.003 - SQL Injection in index_f() Function
CVSS 6.5
CVE-2023-38724
MEDIUM
IBM Cognos Controller <11.0.0 - SQL Injection
CVSS 6.3
CVE-2023-51595
CRITICAL
Voltronic Power ViewPower Pro - RCE
CVSS 9.8
CVE-2023-51586
CRITICAL
Voltronic Power ViewPower Pro - RCE
CVSS 9.8
CVE-2023-44450
HIGH
NETGEAR ProSAFE Network Management System < 1.7.0.31 - Authenticated SQL Injection via getNodesByTopologyMapSearch
CVSS 8.8
CVE-2023-44449
HIGH
NETGEAR ProSAFE Network Management System < 1.7.0.31 - Authenticated SQL Injection via clearAlertByIds
CVSS 8.8
CVE-2023-38100
HIGH
NETGEAR ProSAFE Network Management System < 1.7.0.20 - SQL Injection via clearAlertByIds Function
CVSS 8.8
CVE-2023-38099
HIGH
NETGEAR ProSAFE NMS < 1.7.0.20 - SQLi & RCE via getNodesByTopologyMapSearch
CVSS 8.8
CVE-2023-35720
MEDIUM
ASUS RT-AX92U Firmware - Unauthenticated SQL Injection in mod_webdav.so
CVSS 6.5
CVE-2023-27358
HIGH
NETGEAR RAX30, RAXE300, RAX40, RAX35, RAX38 Firmware < 1.0.10.94 - Unauthenticated SQL Injection via SOAP Request
CVSS 8.8
CVE-2023-45503
MEDIUM
Macs CMS 1.1.4f - SQL Injection via Multiple Endpoints
CVSS 5.3
CVE-2023-50347
LOW
HCL DRYiCE MyXalytics - SQL Injection
CVSS 3.7
CVE-2023-6967
HIGH
Pods < 3.0.10.2 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-6191
CRITICAL
Egehan Security WebPDKS <20240329 - SQL Injection
CVSS 9.8
CVE-2023-39309
HIGH
Fusion Builder < 3.11.1 - Authenticated SQL Injection
CVSS 8.5
CVE-2023-47438
MEDIUM
Reportico - SQL Injection via Project Parameter
CVSS 6.5
CVE-2023-6173
CRITICAL
TeoSOFT Software TeoBASE <27/03/2024 - SQL Injection
CVSS 9.8
CVE-2023-28787
CRITICAL
ExpressTech Quiz And Survey Master <8.1.4 - SQL Injection
CVSS 9.3
CVE-2023-23991
HIGH
WPdevelop/Oplugins Booking Calendar <9.4.3 - SQL Injection
CVSS 7.6
CVE-2023-48901
CRITICAL
Tramyardg Autoexpress <1.3.0 - SQL Injection
CVSS 9.8
CVE-2023-38825
MEDIUM
Vanderbilt REDCap <v.13.8.0 - Info Disclosure
CVSS 6.5
CVE-2023-44091
HIGH
Pandora FMS 700-<776 - Unauthenticated SQL Injection
CVSS 7.5
Details
Vulnerabilities
19,728
Exploit Likelihood
High