CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,728 vulnerabilities with CWE-89
CVE-2023-38844 HIGH
PMB < 7.4.7 - SQL Injection via Thesaurus Parameter in export_skos.php
CVSS 7.5
CVE-2023-37177 CRITICAL
PMB < 7.4.7 - Unauthenticated SQL Injection via Export Z3950 Query Parameter
CVSS 9.8
CVE-2023-45860 MEDIUM
Hazelcast Platform <5.3.4 - SQL Injection
CVSS 6.5
CVE-2023-7081 CRITICAL
POSTAHSL Online Payment System < 14.02.2024 - SQL Injection
CVSS 9.8
CVE-2023-5155 CRITICAL
Utarit Information Technologies SoliPay <5.0.8 - SQL Injection
CVSS 9.8
CVE-2023-6441 CRITICAL
UNI-PA University Information System < 12.12.2023 - SQL Injection
CVSS 9.8
CVE-2023-48987 HIGH
CU Solutions Group CMS <7.75 - SQL Injection
CVSS 7.5
CVE-2023-44294 MEDIUM
Dell Secure Connect Gateway 5.10.00.00-5.18.00.00 - Authenticated SQL Injection via Collection Rest API Filters
CVSS 5.4
CVE-2023-44293 MEDIUM
Dell Secure Connect Gateway 5.10.00.00-5.18.00.00 - Authenticated SQL Injection via IP Range Rest API
CVSS 5.4
CVE-2023-6677 CRITICAL
Oduyo Online Collection < 1.0.2 - SQL Injection
CVSS 9.8
CVE-2023-50026 CRITICAL
Presta Monster Multi Accessories Pro < 5.3.0 - SQL Injection
CVSS 9.8
CVE-2023-46350 CRITICAL
InnovaDeluxe Manufacturer or Supplier Alphabetical Search < 2.0.5 - SQL Injection via IdxrmanufacturerFunctions Methods
CVSS 9.8
CVE-2023-50061 CRITICAL
PrestaShop Op'art Easy Redirect 1.3.8-1.3.12 - SQL Injection via Oparteasyredirect::hookActionDispatcher()
CVSS 9.8
CVE-2023-46914 CRITICAL
RM bookingcalendar < 2.7.9 - SQL Injection via ics_export.php
CVSS 9.8
CVE-2023-50395 HIGH
SolarWinds Platform < 2024.1 - Authenticated SQL Injection and Remote Code Execution via Update Statement
CVSS 8.0
CVE-2023-35188 HIGH
SolarWinds Platform < 2024.1 - Authenticated SQL Injection via CREATE Statement
CVSS 8.0
CVE-2023-51951 CRITICAL
Stock Management System 1.0 - SQL Injection via manage_bo.php id Parameter
CVSS 9.8
CVE-2023-47568 HIGH
QNAP QTS and QuTS hero - Authenticated SQL Injection
CVSS 8.8
CVE-2023-48645 HIGH
Archibus 4.0.3 - SQL Injection in Maintenance Module Search Feature
CVSS 7.8
CVE-2023-48793 CRITICAL
Zoho ManageEngine ADAudit Plus <7250 - SQL Injection
CVSS 9.8
CVE-2023-48792 CRITICAL
Zoho ManageEngine ADAudit Plus <7250 - SQL Injection
CVSS 9.8
CVE-2023-51210 CRITICAL
Webkul Bundle Product 6.0.1 - SQL Injection via id_product Parameter in UpdateProductQuantity
CVSS 9.8
CVE-2023-48118 CRITICAL
Quest Analytics IQCRM 2023.9.5 - SQL Injection via Common.svc WSDL Request
CVSS 9.8
CVE-2023-51927 CRITICAL
YonBIP v3_23.05 - SQL Injection via AttendScriptController.runScript()
CVSS 9.8
CVE-2023-50030 CRITICAL
Jms Setting <= 1.1.0 - Unauthenticated SQL Injection via JmsSetting::getSecondImgs()
CVSS 9.8
Details
Vulnerabilities 19,728
Exploit Likelihood High