CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,730 vulnerabilities with CWE-89
CVE-2023-7155 MEDIUM
Free and Open Source Inventory Management System 1.0 - SQL Injection via edit_product.php id Parameter
CVSS 6.3
CVE-2023-7146 MEDIUM
masterlab < 3.3.10 - SQL Injection via Phone Argument in HTTP POST Request Handler
CVSS 6.3
CVE-2023-7145 MEDIUM
masterlab < 3.3.10 - SQL Injection via HTTP POST Request Handler pwd Argument
CVSS 6.3
CVE-2023-7144 MEDIUM
masterlab < 3.3.10 - SQL Injection via HTTP POST Request Handler
CVSS 6.3
CVE-2023-7142 MEDIUM
Client Details System 1.0 - SQL Injection via ID Parameter in /admin/clientview.php
CVSS 4.3
CVE-2023-7141 MEDIUM
Client Details System 1.0 - SQL Injection via uid Parameter in /admin/update-clients.php
CVSS 4.3
CVE-2023-7140 MEDIUM
Client Details System 1.0 - SQL Injection via /admin/manage-users.php id Parameter
CVSS 4.3
CVE-2023-7139 MEDIUM
Client Details System 1.0 - SQL Injection via HTTP POST Request Handler
CVSS 4.3
CVE-2023-7138 MEDIUM
Client Details System 1.0 - SQL Injection via Username Parameter in Admin Endpoint
CVSS 6.3
CVE-2023-7137 MEDIUM
Client Details System 1.0 - SQL Injection via uemail Parameter
CVSS 6.3
CVE-2023-50839 CRITICAL
JS Help Desk < 2.8.1 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2023-50838 HIGH
NEX-Forms < 8.5.5 - SQL Injection
CVSS 7.6
CVE-2023-50847 HIGH
Welcart e-Commerce <= 2.9.3 - SQL Injection
CVSS 7.6
CVE-2023-50846 HIGH
RegistrationMagic < 5.2.4.5 - SQL Injection
CVSS 7.6
CVE-2023-50845 HIGH
GeoDirectory < 2.3.28 - SQL Injection
CVSS 7.6
CVE-2023-50844 HIGH
WP Mail Catcher <= 2.1.3 - SQL Injection
CVSS 7.6
CVE-2023-50843 HIGH
Clockwork SMS Notfications < 3.0.4 - SQL Injection
CVSS 7.6
CVE-2023-50842 HIGH
MF Gig Calendar < 1.2.1 - SQL Injection
CVSS 8.5
CVE-2023-50841 HIGH
BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin < 1.0.72 - SQL Injection
CVSS 8.5
CVE-2023-50840 HIGH
Booking Manager < 2.1.5 - SQL Injection
CVSS 8.5
CVE-2023-7131 MEDIUM
Intern Membership Management System 2.0 - SQL Injection via User Registration userName Parameter
CVSS 6.3
CVE-2023-7129 MEDIUM
code-projects Voting System 1.0 - SQL Injection via Voters Login
CVSS 5.5
CVE-2023-52082 HIGH
Lychee 4.9.3-5.0.2 - SQL Injection via SQL EXPLAIN Logging
CVSS 8.8
CVE-2023-7128 MEDIUM
code-projects Voting System 1.0 - SQL Injection via Admin Login Username Parameter
CVSS 6.3
CVE-2023-7127 MEDIUM
Automated Voting System 1.0 - SQL Injection via Login Component
CVSS 6.3
Details
Vulnerabilities 19,730
Exploit Likelihood High