CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,730 vulnerabilities with CWE-89
CVE-2023-7130 MEDIUM
College Notes Gallery 2.0 - SQL Injection via login.php User Parameter
CVSS 6.3
CVE-2023-7180 MEDIUM
Tongda OA < 11.10 - SQL Injection via PROJ_ID_STR Parameter
CVSS 5.5
CVE-2023-7179 MEDIUM
Online College Library System 1.0 - SQL Injection via Category Row HTTP POST Request Handler
CVSS 4.7
CVE-2023-7178 MEDIUM
Campcodes Online College Library System 1.0 - SQL Injection via /admin/book_row.php id Parameter
CVSS 4.7
CVE-2023-50589 CRITICAL
Grupo Embras GEOSIAP ERP 2.2.167.02 - SQL Injection via codLogin Parameter
CVSS 9.8
CVE-2023-7177 MEDIUM
Online College Library System 1.0 - SQL Injection via /admin/book_add.php Category Parameter
CVSS 4.7
CVE-2023-7176 MEDIUM
Campcodes Online College Library System 1.0 - SQL Injection via student Parameter in Return Add Handler
CVSS 4.7
CVE-2023-50578 CRITICAL
Mingsoft MCMS v5.2.9 - SQL Injection via categoryType Parameter
CVSS 9.8
CVE-2023-7175 MEDIUM
Campcodes Online College Library System 1.0 - SQL Injection via /admin/borrow_add.php Student Parameter
CVSS 4.7
CVE-2023-7172 HIGH
PHPGurukul Hospital Management System 1.0 - SQL Injection in Admin Dashboard
CVSS 7.3
CVE-2023-41543 CRITICAL
jeecg_boot 3.5.3 - SQL Injection via /sys/replicate/check
CVSS 9.8
CVE-2023-41542 CRITICAL
jeecg-boot 3.5.3 - SQL Injection via jmreport/qurestSql Component
CVSS 9.8
CVE-2023-50071 HIGH
Sourcecodester Customer Support System 1.0 - SQL Injection via Department ID or Name Parameter
CVSS 8.8
CVE-2023-50070 HIGH
Sourcecodester Customer Support System 1.0 - SQL Injection via department_id, customer_id, and subject Parameters
CVSS 8.8
CVE-2023-50035 CRITICAL
Small CRM 3.0 - SQL Injection via Users Login Panel Password Parameter
CVSS 9.8
CVE-2023-4675 CRITICAL
Gmbilisim Multi-disciplinary Design Optimization - SQL Injection
CVSS 9.8
CVE-2023-4674 CRITICAL
Yaztek E-Commerce Software <= 20231229 - SQL Injection
CVSS 9.8
CVE-2023-4541 CRITICAL
Ween Software Admin Panel <20231229 - SQL Injection
CVSS 9.8
CVE-2023-50837 HIGH
Login Lockdown - Protect Login Form <= 2.06 - SQL Injection
CVSS 7.6
CVE-2023-44088 MEDIUM
Pandora FMS 700-774 - Authenticated SQL Injection
CVSS 5.9
CVE-2023-52135 HIGH
WS Form LITE < 1.9.170 - SQL Injection
CVSS 7.6
CVE-2023-7161 HIGH
Netentsec NS-ASG Application Security Gateway 6.3.1 - SQL Injection via check_VirtualSiteId Parameter
CVSS 7.3
CVE-2023-23634 CRITICAL
Documize 5.4.2 - SQL Injection via User Parameter in Dashboard Activity Endpoint
CVSS 9.8
CVE-2023-7157 MEDIUM
Free and Open Source Inventory Management System 1.0 - SQL Injection via columns[0][data] Parameter
CVSS 6.3
CVE-2023-7156 HIGH
Campcodes Online College Library System 1.0 - SQL Injection via Search Component Index.php Category Parameter
CVSS 7.3
Details
Vulnerabilities 19,730
Exploit Likelihood High