CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,728 vulnerabilities with CWE-89
CVE-2023-48864 HIGH
SEMCMS v4.8 - SQL Injection via languageID Parameter
CVSS 7.5
CVE-2023-39336 HIGH
Ivanti Endpoint Manager < 2022 SU 5 - Unauthenticated SQL Injection
CVSS 8.8
CVE-2023-50162 HIGH
EmpireCMS 7.5 - SQL Injection via DoExecSql Function
CVSS 7.2
CVE-2023-52201 HIGH
Brian D. Goad pTypeConverter <= 0.2.8.1 - SQL Injection
CVSS 7.6
CVE-2023-52142 HIGH
Events Shortcodes For The Events Calendar < 2.3.1 - SQL Injection
CVSS 7.6
CVE-2023-52204 HIGH
Javik Randomize < 1.4.3 - SQL Injection
CVSS 8.5
CVE-2023-52215 CRITICAL
UkrSolution Simple Inventory Management < 1.5.1 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2023-6921 CRITICAL
PrestaShow Google Integrator < 2.1.4 - Blind SQL Injection via Cookie
CVSS 9.8
CVE-2023-46953 CRITICAL
abo.cms 5.9.3 - SQL Injection via Documents Module d Parameter
CVSS 9.8
CVE-2023-39853 MEDIUM
Dzzoffice 2.01 - SQL Injection via Network Disk Backend doobj and doevent Parameters
CVSS 6.5
CVE-2023-47219 LOW
QuMagie < 2.2.1 - Authenticated SQL Injection
CVSS 3.5
CVE-2023-41287 MEDIUM
Video Station <5.7.2 - SQL Injection
CVSS 4.3
CVE-2023-50027 CRITICAL
Buy Addons baproductzoommagnifier < 1.0.16 - SQL Injection via BaproductzoommagnifierZoomModuleFrontController
CVSS 9.8
CVE-2023-50867 CRITICAL
kashipara travel_website v1.0 - Unauthenticated SQL Injection via Username Parameter
CVSS 9.8
CVE-2023-50866 CRITICAL
kashipara travel_website v1.0 - Unauthenticated SQL Injection via Login Username Parameter
CVSS 9.8
CVE-2023-50865 CRITICAL
kashipara travel_website 1.0 - Unauthenticated SQL Injection via Hotel Search City Parameter
CVSS 9.8
CVE-2023-50864 CRITICAL
kashipara travel_website v1.0 - Unauthenticated SQL Injection via hotelId Parameter
CVSS 9.8
CVE-2023-50863 CRITICAL
kashipara travel_website v1.0 - Unauthenticated SQL Injection via hotelIDHidden Parameter
CVSS 9.8
CVE-2023-50862 CRITICAL
kashipara travel_website v1.0 - Unauthenticated SQL Injection via booking.php hotelIDHidden Parameter
CVSS 9.8
CVE-2023-50753 CRITICAL
Online Notice Board System 1.0 - Unauthenticated SQL Injection via dd Parameter
CVSS 9.8
CVE-2023-50752 CRITICAL
Online Notice Board System 1.0 - Unauthenticated SQL Injection via Login e Parameter
CVSS 9.8
CVE-2023-50743 CRITICAL
Online Notice Board System 1.0 - Unauthenticated SQL Injection via Registration dd Parameter
CVSS 9.8
CVE-2023-49666 CRITICAL
Kashipara Billing Software 1.0 - Unauthenticated SQL Injection via custmer_details Parameter
CVSS 9.8
CVE-2023-49665 CRITICAL
Billing Software 1.0 - Unauthenticated SQL Injection via quantity[] Parameter
CVSS 9.8
CVE-2023-49658 CRITICAL
Kashipara Billing Software 1.0 - Unauthenticated SQL Injection via bank_details Parameter
CVSS 9.8
Details
Vulnerabilities 19,728
Exploit Likelihood High