CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,730 vulnerabilities with CWE-89
CVE-2023-7155
MEDIUM
Free and Open Source Inventory Management System 1.0 - SQL Injection via edit_product.php id Parameter
CVSS 6.3
CVE-2023-7146
MEDIUM
masterlab < 3.3.10 - SQL Injection via Phone Argument in HTTP POST Request Handler
CVSS 6.3
CVE-2023-7145
MEDIUM
masterlab < 3.3.10 - SQL Injection via HTTP POST Request Handler pwd Argument
CVSS 6.3
CVE-2023-7144
MEDIUM
masterlab < 3.3.10 - SQL Injection via HTTP POST Request Handler
CVSS 6.3
CVE-2023-7142
MEDIUM
Client Details System 1.0 - SQL Injection via ID Parameter in /admin/clientview.php
CVSS 4.3
CVE-2023-7141
MEDIUM
Client Details System 1.0 - SQL Injection via uid Parameter in /admin/update-clients.php
CVSS 4.3
CVE-2023-7140
MEDIUM
Client Details System 1.0 - SQL Injection via /admin/manage-users.php id Parameter
CVSS 4.3
CVE-2023-7139
MEDIUM
Client Details System 1.0 - SQL Injection via HTTP POST Request Handler
CVSS 4.3
CVE-2023-7138
MEDIUM
Client Details System 1.0 - SQL Injection via Username Parameter in Admin Endpoint
CVSS 6.3
CVE-2023-7137
MEDIUM
Client Details System 1.0 - SQL Injection via uemail Parameter
CVSS 6.3
CVE-2023-50839
CRITICAL
JS Help Desk < 2.8.1 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2023-50838
HIGH
NEX-Forms < 8.5.5 - SQL Injection
CVSS 7.6
CVE-2023-50847
HIGH
Welcart e-Commerce <= 2.9.3 - SQL Injection
CVSS 7.6
CVE-2023-50846
HIGH
RegistrationMagic < 5.2.4.5 - SQL Injection
CVSS 7.6
CVE-2023-50845
HIGH
GeoDirectory < 2.3.28 - SQL Injection
CVSS 7.6
CVE-2023-50844
HIGH
WP Mail Catcher <= 2.1.3 - SQL Injection
CVSS 7.6
CVE-2023-50843
HIGH
Clockwork SMS Notfications < 3.0.4 - SQL Injection
CVSS 7.6
CVE-2023-50842
HIGH
MF Gig Calendar < 1.2.1 - SQL Injection
CVSS 8.5
CVE-2023-50841
HIGH
BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin < 1.0.72 - SQL Injection
CVSS 8.5
CVE-2023-50840
HIGH
Booking Manager < 2.1.5 - SQL Injection
CVSS 8.5
CVE-2023-7131
MEDIUM
Intern Membership Management System 2.0 - SQL Injection via User Registration userName Parameter
CVSS 6.3
CVE-2023-7129
MEDIUM
code-projects Voting System 1.0 - SQL Injection via Voters Login
CVSS 5.5
CVE-2023-52082
HIGH
Lychee 4.9.3-5.0.2 - SQL Injection via SQL EXPLAIN Logging
CVSS 8.8
CVE-2023-7128
MEDIUM
code-projects Voting System 1.0 - SQL Injection via Admin Login Username Parameter
CVSS 6.3
CVE-2023-7127
MEDIUM
Automated Voting System 1.0 - SQL Injection via Login Component
CVSS 6.3
Details
Vulnerabilities
19,730
Exploit Likelihood
High