CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,728 vulnerabilities with CWE-89
CVE-2023-44090 MEDIUM
Pandora FMS 700-<776 - SQL Injection in Grafana Module
CVSS 6.8
CVE-2023-41504 HIGH
Student Enrollment In PHP 1.0 - SQL Injection
CVSS 8.8
CVE-2023-5663 HIGH
News Announcement Scroll <= 9.0.0 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-48788 CRITICAL KEV
Fortinet Forticlient Endpoint Management Server - SQL Injection
CVSS 9.8
CVE-2023-41015 MEDIUM
code-projects.org Online Job Portal 1.0 - SQL Injection
CVSS 5.5
CVE-2023-41014 CRITICAL
code-projects.org Online Job Portal 1.0 - SQL Injection
CVSS 9.8
CVE-2023-33676 HIGH
Sourcecodester Lost and Found Info Sys <1.0 - SQL Injection
CVSS 8.4
CVE-2023-49989 CRITICAL
Hotel Booking Management v1.0 - SQL Injection via update.php id Parameter
CVSS 9.8
CVE-2023-49988 HIGH
Hotel Booking Management v1.0 - SQL Injection via npss Parameter
CVSS 7.5
CVE-2023-33677 HIGH
Sourcecodester Lost and Found Info Sys <1.0 - SQL Injection
CVSS 7.5
CVE-2023-49970 CRITICAL
Customer Support System v1 - SQL Injection via Subject Parameter
CVSS 9.8
CVE-2023-49969 MEDIUM
Customer Support System v1 - SQL Injection via id Parameter
CVSS 4.3
CVE-2023-49968 HIGH
Customer Support System v1 - SQL Injection via id Parameter
CVSS 7.3
CVE-2023-49548 HIGH
Customer Support System v1 - SQL Injection via lastname Parameter
CVSS 8.8
CVE-2023-49547 CRITICAL
Customer Support System v1 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2023-49546 HIGH
Customer Support System v1 - SQL Injection via Email Parameter
CVSS 8.8
CVE-2023-49544 MEDIUM
Customer Support System v1 - Local File Inclusion via Page Parameter
CVSS 4.9
CVE-2023-7110 HIGH
Library Management System 2.0 - SQL Injection via login.php Student Parameter
CVSS 7.3
CVE-2023-7109 HIGH
Library Management System 2.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2023-7107 HIGH
E-Commerce Website 1.0 - SQL Injection via user_signup.php Parameter Manipulation
CVSS 7.3
CVE-2023-7106 MEDIUM
E-Commerce Website 1.0 - SQL Injection via prod_id Parameter
CVSS 6.3
CVE-2023-7105 MEDIUM
E-Commerce Website 1.0 - SQL Injection via index_search.php Search Parameter
CVSS 4.7
CVE-2023-52155 HIGH
PMB < 7.4.7 - Authenticated SQL Injection via sauvegardes Variable
CVSS 7.2
CVE-2023-52153 CRITICAL
PMB < 7.4.7 - Unauthenticated SQL Injection via PmbOpac-LOGIN Cookie
CVSS 9.8
CVE-2023-51828 CRITICAL
PMB < 7.4.7 - Unauthenticated SQL Injection via Query Parameter in get_next_notice Function
CVSS 9.8
Details
Vulnerabilities 19,728
Exploit Likelihood High