CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,728 vulnerabilities with CWE-89
CVE-2023-50028 CRITICAL
Sliding cart block < 2.3.8 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-46351 CRITICAL
manufacturers_brands_images_block < 1.6.1 - Unauthenticated SQL Injection via getManufacturersByCategory Method
CVSS 9.8
CVE-2023-43985 CRITICAL
SunnyToo stblogsearch <1.0.0 - SQL Injection
CVSS 9.8
CVE-2023-5806 CRITICAL
Mergen Software Quality Management System < v1.2 - SQL Injection
CVSS 9.8
CVE-2023-20271 MEDIUM
Cisco Prime Infrastructure/EPNM - SQL Injection
CVSS 6.5
CVE-2023-5041 HIGH
Track The Click WordPress Plugin < 0.3.12 - Authenticated Time-Based Blind SQL Injection via Stats REST Endpoint
CVSS 8.8
CVE-2023-52285 HIGH
ExamSys - SQL Injection via Support Pages s_score2 Parameter
CVSS 7.5
CVE-2023-6373 HIGH
ArtPlacer Widget WordPress <2.20.7 - SQL Injection
CVSS 8.8
CVE-2023-3211 CRITICAL
WordPress Database Administrator < 1.0.3 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2023-2655 HIGH
Contact Form by WD WordPress plugin < 1.13.23 - Authenticated SQL Injection
CVSS 7.2
CVE-2023-0224 CRITICAL
GiveWP < 2.24.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-51810 HIGH
StackIdeas EasyDiscuss <5.0.10 - SQL Injection
CVSS 7.5
CVE-2023-47460 HIGH
Knovos Discovery 22.67.0 - SQL Injection via Admin.svc/getGridColumnStructure
CVSS 8.8
CVE-2023-6620 HIGH
POST SMTP Mailer WordPress Plugin < 2.8.7 - Authenticated SQL Injection
CVSS 7.2
CVE-2023-51805 MEDIUM
TDuckCLoud tduck-platform <4.0 - SQL Injection
CVSS 6.5
CVE-2023-51978 MEDIUM
PHPGurukul Art Gallery Mgmt <1.1 - SQL Injection
CVSS 6.5
CVE-2023-30016 CRITICAL
oretnom23 Judging Management System 1.0 - SQL Injection via sub_event_id Parameter
CVSS 9.8
CVE-2023-30015 CRITICAL
oretnom23 Judging Management System v1.0 - SQL Injection via txtsearch Parameter
CVSS 9.8
CVE-2023-30014 CRITICAL
oretnom23 Judging Management System 1.0 - SQL Injection via sub_event_id Parameter
CVSS 9.8
CVE-2023-6567 CRITICAL
LearnPress <4.2.5.7 - SQL Injection
CVSS 9.8
CVE-2023-52064 CRITICAL
wuzhicms v4.1.0 - SQL Injection via $keywords Parameter
CVSS 9.8
CVE-2023-48261 MEDIUM
Bosch NEXO-OS 1000-1500-sp2 - Unauthenticated SQL Injection
CVSS 5.3
CVE-2023-48260 MEDIUM
Bosch nexo-os 1000-1500-sp2 - Unauthenticated SQL Injection
CVSS 5.3
CVE-2023-48259 MEDIUM
Bosch nexo-os 1000-1500-sp2 - Unauthenticated SQL Injection
CVSS 5.3
CVE-2023-48253 HIGH
Bosch nexo-os 1000-1500-sp2 - Authenticated SQL Injection via HTTP Request
CVSS 8.8
Details
Vulnerabilities 19,728
Exploit Likelihood High