CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,728 vulnerabilities with CWE-89
CVE-2023-44090
MEDIUM
Pandora FMS 700-<776 - SQL Injection in Grafana Module
CVSS 6.8
CVE-2023-41504
HIGH
Student Enrollment In PHP 1.0 - SQL Injection
CVSS 8.8
CVE-2023-5663
HIGH
News Announcement Scroll <= 9.0.0 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-48788
CRITICAL
KEV
Fortinet Forticlient Endpoint Management Server - SQL Injection
CVSS 9.8
CVE-2023-41015
MEDIUM
code-projects.org Online Job Portal 1.0 - SQL Injection
CVSS 5.5
CVE-2023-41014
CRITICAL
code-projects.org Online Job Portal 1.0 - SQL Injection
CVSS 9.8
CVE-2023-33676
HIGH
Sourcecodester Lost and Found Info Sys <1.0 - SQL Injection
CVSS 8.4
CVE-2023-49989
CRITICAL
Hotel Booking Management v1.0 - SQL Injection via update.php id Parameter
CVSS 9.8
CVE-2023-49988
HIGH
Hotel Booking Management v1.0 - SQL Injection via npss Parameter
CVSS 7.5
CVE-2023-33677
HIGH
Sourcecodester Lost and Found Info Sys <1.0 - SQL Injection
CVSS 7.5
CVE-2023-49970
CRITICAL
Customer Support System v1 - SQL Injection via Subject Parameter
CVSS 9.8
CVE-2023-49969
MEDIUM
Customer Support System v1 - SQL Injection via id Parameter
CVSS 4.3
CVE-2023-49968
HIGH
Customer Support System v1 - SQL Injection via id Parameter
CVSS 7.3
CVE-2023-49548
HIGH
Customer Support System v1 - SQL Injection via lastname Parameter
CVSS 8.8
CVE-2023-49547
CRITICAL
Customer Support System v1 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2023-49546
HIGH
Customer Support System v1 - SQL Injection via Email Parameter
CVSS 8.8
CVE-2023-49544
MEDIUM
Customer Support System v1 - Local File Inclusion via Page Parameter
CVSS 4.9
CVE-2023-7110
HIGH
Library Management System 2.0 - SQL Injection via login.php Student Parameter
CVSS 7.3
CVE-2023-7109
HIGH
Library Management System 2.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2023-7107
HIGH
E-Commerce Website 1.0 - SQL Injection via user_signup.php Parameter Manipulation
CVSS 7.3
CVE-2023-7106
MEDIUM
E-Commerce Website 1.0 - SQL Injection via prod_id Parameter
CVSS 6.3
CVE-2023-7105
MEDIUM
E-Commerce Website 1.0 - SQL Injection via index_search.php Search Parameter
CVSS 4.7
CVE-2023-52155
HIGH
PMB < 7.4.7 - Authenticated SQL Injection via sauvegardes Variable
CVSS 7.2
CVE-2023-52153
CRITICAL
PMB < 7.4.7 - Unauthenticated SQL Injection via PmbOpac-LOGIN Cookie
CVSS 9.8
CVE-2023-51828
CRITICAL
PMB < 7.4.7 - Unauthenticated SQL Injection via Query Parameter in get_next_notice Function
CVSS 9.8
Details
Vulnerabilities
19,728
Exploit Likelihood
High