CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,730 vulnerabilities with CWE-89
CVE-2023-49665
CRITICAL
Billing Software 1.0 - Unauthenticated SQL Injection via quantity[] Parameter
CVSS 9.8
CVE-2023-49658
CRITICAL
Kashipara Billing Software 1.0 - Unauthenticated SQL Injection via bank_details Parameter
CVSS 9.8
CVE-2023-49639
CRITICAL
kashipara billing_software v1.0 - Unauthenticated SQL Injection via buyer_invoice_submit.php customer_details Parameter
CVSS 9.8
CVE-2023-49633
CRITICAL
Billing Software 1.0 - Unauthenticated SQL Injection via buyer_address Parameter
CVSS 9.8
CVE-2023-49625
CRITICAL
kashipara billing_software v1.0 - Unauthenticated SQL Injection via id Parameter
CVSS 9.8
CVE-2023-49624
CRITICAL
Kashipara Billing Software v1.0 - Unauthenticated SQL Injection via material_bill.php cancelid Parameter
CVSS 9.8
CVE-2023-49622
CRITICAL
Kashipara Billing Software v1.0 - Unauthenticated SQL Injection via itemnameid Parameter
CVSS 9.8
CVE-2023-6981
MEDIUM
WP SMS < 6.5 - Authenticated SQL Injection via group_id Parameter
CVSS 6.1
CVE-2023-6436
CRITICAL
Ekol Informatics Website Template <20231215 - SQL Injection
CVSS 9.8
CVE-2023-52133
HIGH
Most And Least Read Posts Widget < 2.5.16 - SQL Injection
CVSS 8.5
CVE-2023-52132
HIGH
WP Adminify < 3.1.6 - SQL Injection
CVSS 7.6
CVE-2023-52131
HIGH
WP Zinc Page Generator <= 1.7.1 - SQL Injection
CVSS 7.6
CVE-2023-51547
HIGH
Fluent Support < 1.7.6 - SQL Injection
CVSS 7.6
CVE-2023-51469
CRITICAL
Mestres do WP Checkout <7.1.9.6 - SQL Injection
CVSS 9.3
CVE-2023-51423
CRITICAL
Saleswonder Team Webinar Plugin <3.05.0 - SQL Injection
CVSS 9.3
CVE-2023-52134
HIGH
GEO my WordPress <= 4.0.2 - SQL Injection
CVSS 7.6
CVE-2023-7191
MEDIUM
S-CMS up to 2.0_build20220529-20231006 - SQL Injection via M_login/M_email Parameter
CVSS 5.5
CVE-2023-7190
MEDIUM
S-CMS up to 2.0_build20220529-20231006 - SQL Injection via A_text/A_url/A_contact Parameters
CVSS 5.5
CVE-2023-7189
MEDIUM
S-CMS up to 2.0_build20220529-20231006 - SQL Injection via lid Parameter in Statistics Endpoint
CVSS 5.5
CVE-2023-7188
MEDIUM
fahuo100 < 1.1 - SQL Injection via M_pwd Parameter in member/login.php
CVSS 5.0
CVE-2023-7186
MEDIUM
7-card Fakabao <= 1.0_build20230805 - SQL Injection via out_trade_no Parameter
CVSS 5.5
CVE-2023-7185
MEDIUM
7-card Fakabao up to 1.0_build20230805 - SQL Injection via out_trade_no Argument
CVSS 5.5
CVE-2023-7184
MEDIUM
7-card Fakabao up to 1.0_build20230805 - SQL Injection via out_trade_no Parameter
CVSS 5.5
CVE-2023-7183
MEDIUM
7-card Fakabao up to 1.0_build20230805 - SQL Injection via out_trade_no Argument
CVSS 5.5
CVE-2023-52180
HIGH
Recipe Maker For Your Food Blog from Zip Recipes <= 8.1.0 - SQL Injection
CVSS 7.6
Details
Vulnerabilities
19,730
Exploit Likelihood
High