CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,730 vulnerabilities with CWE-89
CVE-2023-49665 CRITICAL
Billing Software 1.0 - Unauthenticated SQL Injection via quantity[] Parameter
CVSS 9.8
CVE-2023-49658 CRITICAL
Kashipara Billing Software 1.0 - Unauthenticated SQL Injection via bank_details Parameter
CVSS 9.8
CVE-2023-49639 CRITICAL
kashipara billing_software v1.0 - Unauthenticated SQL Injection via buyer_invoice_submit.php customer_details Parameter
CVSS 9.8
CVE-2023-49633 CRITICAL
Billing Software 1.0 - Unauthenticated SQL Injection via buyer_address Parameter
CVSS 9.8
CVE-2023-49625 CRITICAL
kashipara billing_software v1.0 - Unauthenticated SQL Injection via id Parameter
CVSS 9.8
CVE-2023-49624 CRITICAL
Kashipara Billing Software v1.0 - Unauthenticated SQL Injection via material_bill.php cancelid Parameter
CVSS 9.8
CVE-2023-49622 CRITICAL
Kashipara Billing Software v1.0 - Unauthenticated SQL Injection via itemnameid Parameter
CVSS 9.8
CVE-2023-6981 MEDIUM
WP SMS < 6.5 - Authenticated SQL Injection via group_id Parameter
CVSS 6.1
CVE-2023-6436 CRITICAL
Ekol Informatics Website Template <20231215 - SQL Injection
CVSS 9.8
CVE-2023-52133 HIGH
Most And Least Read Posts Widget < 2.5.16 - SQL Injection
CVSS 8.5
CVE-2023-52132 HIGH
WP Adminify < 3.1.6 - SQL Injection
CVSS 7.6
CVE-2023-52131 HIGH
WP Zinc Page Generator <= 1.7.1 - SQL Injection
CVSS 7.6
CVE-2023-51547 HIGH
Fluent Support < 1.7.6 - SQL Injection
CVSS 7.6
CVE-2023-51469 CRITICAL
Mestres do WP Checkout <7.1.9.6 - SQL Injection
CVSS 9.3
CVE-2023-51423 CRITICAL
Saleswonder Team Webinar Plugin <3.05.0 - SQL Injection
CVSS 9.3
CVE-2023-52134 HIGH
GEO my WordPress <= 4.0.2 - SQL Injection
CVSS 7.6
CVE-2023-7191 MEDIUM
S-CMS up to 2.0_build20220529-20231006 - SQL Injection via M_login/M_email Parameter
CVSS 5.5
CVE-2023-7190 MEDIUM
S-CMS up to 2.0_build20220529-20231006 - SQL Injection via A_text/A_url/A_contact Parameters
CVSS 5.5
CVE-2023-7189 MEDIUM
S-CMS up to 2.0_build20220529-20231006 - SQL Injection via lid Parameter in Statistics Endpoint
CVSS 5.5
CVE-2023-7188 MEDIUM
fahuo100 < 1.1 - SQL Injection via M_pwd Parameter in member/login.php
CVSS 5.0
CVE-2023-7186 MEDIUM
7-card Fakabao <= 1.0_build20230805 - SQL Injection via out_trade_no Parameter
CVSS 5.5
CVE-2023-7185 MEDIUM
7-card Fakabao up to 1.0_build20230805 - SQL Injection via out_trade_no Argument
CVSS 5.5
CVE-2023-7184 MEDIUM
7-card Fakabao up to 1.0_build20230805 - SQL Injection via out_trade_no Parameter
CVSS 5.5
CVE-2023-7183 MEDIUM
7-card Fakabao up to 1.0_build20230805 - SQL Injection via out_trade_no Argument
CVSS 5.5
CVE-2023-52180 HIGH
Recipe Maker For Your Food Blog from Zip Recipes <= 8.1.0 - SQL Injection
CVSS 7.6
Details
Vulnerabilities 19,730
Exploit Likelihood High