CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,728 vulnerabilities with CWE-89
CVE-2023-38844
HIGH
PMB < 7.4.7 - SQL Injection via Thesaurus Parameter in export_skos.php
CVSS 7.5
CVE-2023-37177
CRITICAL
PMB < 7.4.7 - Unauthenticated SQL Injection via Export Z3950 Query Parameter
CVSS 9.8
CVE-2023-45860
MEDIUM
Hazelcast Platform <5.3.4 - SQL Injection
CVSS 6.5
CVE-2023-7081
CRITICAL
POSTAHSL Online Payment System < 14.02.2024 - SQL Injection
CVSS 9.8
CVE-2023-5155
CRITICAL
Utarit Information Technologies SoliPay <5.0.8 - SQL Injection
CVSS 9.8
CVE-2023-6441
CRITICAL
UNI-PA University Information System < 12.12.2023 - SQL Injection
CVSS 9.8
CVE-2023-48987
HIGH
CU Solutions Group CMS <7.75 - SQL Injection
CVSS 7.5
CVE-2023-44294
MEDIUM
Dell Secure Connect Gateway 5.10.00.00-5.18.00.00 - Authenticated SQL Injection via Collection Rest API Filters
CVSS 5.4
CVE-2023-44293
MEDIUM
Dell Secure Connect Gateway 5.10.00.00-5.18.00.00 - Authenticated SQL Injection via IP Range Rest API
CVSS 5.4
CVE-2023-6677
CRITICAL
Oduyo Online Collection < 1.0.2 - SQL Injection
CVSS 9.8
CVE-2023-50026
CRITICAL
Presta Monster Multi Accessories Pro < 5.3.0 - SQL Injection
CVSS 9.8
CVE-2023-46350
CRITICAL
InnovaDeluxe Manufacturer or Supplier Alphabetical Search < 2.0.5 - SQL Injection via IdxrmanufacturerFunctions Methods
CVSS 9.8
CVE-2023-50061
CRITICAL
PrestaShop Op'art Easy Redirect 1.3.8-1.3.12 - SQL Injection via Oparteasyredirect::hookActionDispatcher()
CVSS 9.8
CVE-2023-46914
CRITICAL
RM bookingcalendar < 2.7.9 - SQL Injection via ics_export.php
CVSS 9.8
CVE-2023-50395
HIGH
SolarWinds Platform < 2024.1 - Authenticated SQL Injection and Remote Code Execution via Update Statement
CVSS 8.0
CVE-2023-35188
HIGH
SolarWinds Platform < 2024.1 - Authenticated SQL Injection via CREATE Statement
CVSS 8.0
CVE-2023-51951
CRITICAL
Stock Management System 1.0 - SQL Injection via manage_bo.php id Parameter
CVSS 9.8
CVE-2023-47568
HIGH
QNAP QTS and QuTS hero - Authenticated SQL Injection
CVSS 8.8
CVE-2023-48645
HIGH
Archibus 4.0.3 - SQL Injection in Maintenance Module Search Feature
CVSS 7.8
CVE-2023-48793
CRITICAL
Zoho ManageEngine ADAudit Plus <7250 - SQL Injection
CVSS 9.8
CVE-2023-48792
CRITICAL
Zoho ManageEngine ADAudit Plus <7250 - SQL Injection
CVSS 9.8
CVE-2023-51210
CRITICAL
Webkul Bundle Product 6.0.1 - SQL Injection via id_product Parameter in UpdateProductQuantity
CVSS 9.8
CVE-2023-48118
CRITICAL
Quest Analytics IQCRM 2023.9.5 - SQL Injection via Common.svc WSDL Request
CVSS 9.8
CVE-2023-51927
CRITICAL
YonBIP v3_23.05 - SQL Injection via AttendScriptController.runScript()
CVSS 9.8
CVE-2023-50030
CRITICAL
Jms Setting <= 1.1.0 - Unauthenticated SQL Injection via JmsSetting::getSecondImgs()
CVSS 9.8
Details
Vulnerabilities
19,728
Exploit Likelihood
High