CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,728 vulnerabilities with CWE-89
CVE-2023-48864
HIGH
SEMCMS v4.8 - SQL Injection via languageID Parameter
CVSS 7.5
CVE-2023-39336
HIGH
Ivanti Endpoint Manager < 2022 SU 5 - Unauthenticated SQL Injection
CVSS 8.8
CVE-2023-50162
HIGH
EmpireCMS 7.5 - SQL Injection via DoExecSql Function
CVSS 7.2
CVE-2023-52201
HIGH
Brian D. Goad pTypeConverter <= 0.2.8.1 - SQL Injection
CVSS 7.6
CVE-2023-52142
HIGH
Events Shortcodes For The Events Calendar < 2.3.1 - SQL Injection
CVSS 7.6
CVE-2023-52204
HIGH
Javik Randomize < 1.4.3 - SQL Injection
CVSS 8.5
CVE-2023-52215
CRITICAL
UkrSolution Simple Inventory Management < 1.5.1 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2023-6921
CRITICAL
PrestaShow Google Integrator < 2.1.4 - Blind SQL Injection via Cookie
CVSS 9.8
CVE-2023-46953
CRITICAL
abo.cms 5.9.3 - SQL Injection via Documents Module d Parameter
CVSS 9.8
CVE-2023-39853
MEDIUM
Dzzoffice 2.01 - SQL Injection via Network Disk Backend doobj and doevent Parameters
CVSS 6.5
CVE-2023-47219
LOW
QuMagie < 2.2.1 - Authenticated SQL Injection
CVSS 3.5
CVE-2023-41287
MEDIUM
Video Station <5.7.2 - SQL Injection
CVSS 4.3
CVE-2023-50027
CRITICAL
Buy Addons baproductzoommagnifier < 1.0.16 - SQL Injection via BaproductzoommagnifierZoomModuleFrontController
CVSS 9.8
CVE-2023-50867
CRITICAL
kashipara travel_website v1.0 - Unauthenticated SQL Injection via Username Parameter
CVSS 9.8
CVE-2023-50866
CRITICAL
kashipara travel_website v1.0 - Unauthenticated SQL Injection via Login Username Parameter
CVSS 9.8
CVE-2023-50865
CRITICAL
kashipara travel_website 1.0 - Unauthenticated SQL Injection via Hotel Search City Parameter
CVSS 9.8
CVE-2023-50864
CRITICAL
kashipara travel_website v1.0 - Unauthenticated SQL Injection via hotelId Parameter
CVSS 9.8
CVE-2023-50863
CRITICAL
kashipara travel_website v1.0 - Unauthenticated SQL Injection via hotelIDHidden Parameter
CVSS 9.8
CVE-2023-50862
CRITICAL
kashipara travel_website v1.0 - Unauthenticated SQL Injection via booking.php hotelIDHidden Parameter
CVSS 9.8
CVE-2023-50753
CRITICAL
Online Notice Board System 1.0 - Unauthenticated SQL Injection via dd Parameter
CVSS 9.8
CVE-2023-50752
CRITICAL
Online Notice Board System 1.0 - Unauthenticated SQL Injection via Login e Parameter
CVSS 9.8
CVE-2023-50743
CRITICAL
Online Notice Board System 1.0 - Unauthenticated SQL Injection via Registration dd Parameter
CVSS 9.8
CVE-2023-49666
CRITICAL
Kashipara Billing Software 1.0 - Unauthenticated SQL Injection via custmer_details Parameter
CVSS 9.8
CVE-2023-49665
CRITICAL
Billing Software 1.0 - Unauthenticated SQL Injection via quantity[] Parameter
CVSS 9.8
CVE-2023-49658
CRITICAL
Kashipara Billing Software 1.0 - Unauthenticated SQL Injection via bank_details Parameter
CVSS 9.8
Details
Vulnerabilities
19,728
Exploit Likelihood
High