CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,728 vulnerabilities with CWE-89
CVE-2023-50028
CRITICAL
Sliding cart block < 2.3.8 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-46351
CRITICAL
manufacturers_brands_images_block < 1.6.1 - Unauthenticated SQL Injection via getManufacturersByCategory Method
CVSS 9.8
CVE-2023-43985
CRITICAL
SunnyToo stblogsearch <1.0.0 - SQL Injection
CVSS 9.8
CVE-2023-5806
CRITICAL
Mergen Software Quality Management System < v1.2 - SQL Injection
CVSS 9.8
CVE-2023-20271
MEDIUM
Cisco Prime Infrastructure/EPNM - SQL Injection
CVSS 6.5
CVE-2023-5041
HIGH
Track The Click WordPress Plugin < 0.3.12 - Authenticated Time-Based Blind SQL Injection via Stats REST Endpoint
CVSS 8.8
CVE-2023-52285
HIGH
ExamSys - SQL Injection via Support Pages s_score2 Parameter
CVSS 7.5
CVE-2023-6373
HIGH
ArtPlacer Widget WordPress <2.20.7 - SQL Injection
CVSS 8.8
CVE-2023-3211
CRITICAL
WordPress Database Administrator < 1.0.3 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
CVE-2023-2655
HIGH
Contact Form by WD WordPress plugin < 1.13.23 - Authenticated SQL Injection
CVSS 7.2
CVE-2023-0224
CRITICAL
GiveWP < 2.24.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-51810
HIGH
StackIdeas EasyDiscuss <5.0.10 - SQL Injection
CVSS 7.5
CVE-2023-47460
HIGH
Knovos Discovery 22.67.0 - SQL Injection via Admin.svc/getGridColumnStructure
CVSS 8.8
CVE-2023-6620
HIGH
POST SMTP Mailer WordPress Plugin < 2.8.7 - Authenticated SQL Injection
CVSS 7.2
CVE-2023-51805
MEDIUM
TDuckCLoud tduck-platform <4.0 - SQL Injection
CVSS 6.5
CVE-2023-51978
MEDIUM
PHPGurukul Art Gallery Mgmt <1.1 - SQL Injection
CVSS 6.5
CVE-2023-30016
CRITICAL
oretnom23 Judging Management System 1.0 - SQL Injection via sub_event_id Parameter
CVSS 9.8
CVE-2023-30015
CRITICAL
oretnom23 Judging Management System v1.0 - SQL Injection via txtsearch Parameter
CVSS 9.8
CVE-2023-30014
CRITICAL
oretnom23 Judging Management System 1.0 - SQL Injection via sub_event_id Parameter
CVSS 9.8
CVE-2023-6567
CRITICAL
LearnPress <4.2.5.7 - SQL Injection
CVSS 9.8
CVE-2023-52064
CRITICAL
wuzhicms v4.1.0 - SQL Injection via $keywords Parameter
CVSS 9.8
CVE-2023-48261
MEDIUM
Bosch NEXO-OS 1000-1500-sp2 - Unauthenticated SQL Injection
CVSS 5.3
CVE-2023-48260
MEDIUM
Bosch nexo-os 1000-1500-sp2 - Unauthenticated SQL Injection
CVSS 5.3
CVE-2023-48259
MEDIUM
Bosch nexo-os 1000-1500-sp2 - Unauthenticated SQL Injection
CVSS 5.3
CVE-2023-48253
HIGH
Bosch nexo-os 1000-1500-sp2 - Authenticated SQL Injection via HTTP Request
CVSS 8.8
Details
Vulnerabilities
19,728
Exploit Likelihood
High