CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,730 vulnerabilities with CWE-89
CVE-2023-7130
MEDIUM
College Notes Gallery 2.0 - SQL Injection via login.php User Parameter
CVSS 6.3
CVE-2023-7180
MEDIUM
Tongda OA < 11.10 - SQL Injection via PROJ_ID_STR Parameter
CVSS 5.5
CVE-2023-7179
MEDIUM
Online College Library System 1.0 - SQL Injection via Category Row HTTP POST Request Handler
CVSS 4.7
CVE-2023-7178
MEDIUM
Campcodes Online College Library System 1.0 - SQL Injection via /admin/book_row.php id Parameter
CVSS 4.7
CVE-2023-50589
CRITICAL
Grupo Embras GEOSIAP ERP 2.2.167.02 - SQL Injection via codLogin Parameter
CVSS 9.8
CVE-2023-7177
MEDIUM
Online College Library System 1.0 - SQL Injection via /admin/book_add.php Category Parameter
CVSS 4.7
CVE-2023-7176
MEDIUM
Campcodes Online College Library System 1.0 - SQL Injection via student Parameter in Return Add Handler
CVSS 4.7
CVE-2023-50578
CRITICAL
Mingsoft MCMS v5.2.9 - SQL Injection via categoryType Parameter
CVSS 9.8
CVE-2023-7175
MEDIUM
Campcodes Online College Library System 1.0 - SQL Injection via /admin/borrow_add.php Student Parameter
CVSS 4.7
CVE-2023-7172
HIGH
PHPGurukul Hospital Management System 1.0 - SQL Injection in Admin Dashboard
CVSS 7.3
CVE-2023-41543
CRITICAL
jeecg_boot 3.5.3 - SQL Injection via /sys/replicate/check
CVSS 9.8
CVE-2023-41542
CRITICAL
jeecg-boot 3.5.3 - SQL Injection via jmreport/qurestSql Component
CVSS 9.8
CVE-2023-50071
HIGH
Sourcecodester Customer Support System 1.0 - SQL Injection via Department ID or Name Parameter
CVSS 8.8
CVE-2023-50070
HIGH
Sourcecodester Customer Support System 1.0 - SQL Injection via department_id, customer_id, and subject Parameters
CVSS 8.8
CVE-2023-50035
CRITICAL
Small CRM 3.0 - SQL Injection via Users Login Panel Password Parameter
CVSS 9.8
CVE-2023-4675
CRITICAL
Gmbilisim Multi-disciplinary Design Optimization - SQL Injection
CVSS 9.8
CVE-2023-4674
CRITICAL
Yaztek E-Commerce Software <= 20231229 - SQL Injection
CVSS 9.8
CVE-2023-4541
CRITICAL
Ween Software Admin Panel <20231229 - SQL Injection
CVSS 9.8
CVE-2023-50837
HIGH
Login Lockdown - Protect Login Form <= 2.06 - SQL Injection
CVSS 7.6
CVE-2023-44088
MEDIUM
Pandora FMS 700-774 - Authenticated SQL Injection
CVSS 5.9
CVE-2023-52135
HIGH
WS Form LITE < 1.9.170 - SQL Injection
CVSS 7.6
CVE-2023-7161
HIGH
Netentsec NS-ASG Application Security Gateway 6.3.1 - SQL Injection via check_VirtualSiteId Parameter
CVSS 7.3
CVE-2023-23634
CRITICAL
Documize 5.4.2 - SQL Injection via User Parameter in Dashboard Activity Endpoint
CVSS 9.8
CVE-2023-7157
MEDIUM
Free and Open Source Inventory Management System 1.0 - SQL Injection via columns[0][data] Parameter
CVSS 6.3
CVE-2023-7156
HIGH
Campcodes Online College Library System 1.0 - SQL Injection via Search Component Index.php Category Parameter
CVSS 7.3
Details
Vulnerabilities
19,730
Exploit Likelihood
High