CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,730 vulnerabilities with CWE-89
CVE-2023-7126 MEDIUM
Automated Voting System 1.0 - SQL Injection via Admin Login Username Parameter
CVSS 6.3
CVE-2023-50855 HIGH
Pre* Party Resource Hints < 1.8.18 - SQL Injection
CVSS 7.6
CVE-2023-50854 HIGH
Squirrly SEO - Advanced Pack < 2.4.02 - SQL Injection
CVSS 7.6
CVE-2023-50853 HIGH
Advanced Form Integration < 1.75.0 - SQL Injection
CVSS 7.6
CVE-2023-50852 HIGH
StylemixThemes BookIt < 2.4.3 - SQL Injection
CVSS 7.6
CVE-2023-50851 HIGH
Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin < 1.6.6.1 - SQL Injection
CVSS 7.6
CVE-2023-50849 HIGH
E2Pdf - Export To Pdf Tool for WordPress <= 1.20.23 - SQL Injection
CVSS 7.6
CVE-2023-50848 HIGH
Aaron J 404 Solution <= 2.34.0 - SQL Injection
CVSS 7.6
CVE-2023-50857 HIGH
FunnelKit Recover WooCommerce Cart Abandonment <= 2.6.1 - SQL Injection
CVSS 7.6
CVE-2023-50856 HIGH
FunnelKit Funnel Builder for WordPress < 2.14.3 - SQL Injection
CVSS 7.6
CVE-2023-4671 CRITICAL
Talent Software ECOP < 32255 - SQL Injection
CVSS 9.8
CVE-2023-46989 HIGH
Innovadeluxe Quick Order < 1.4.0 - SQL Injection via getProducts() Function
CVSS 7.8
CVE-2023-7123 MEDIUM
SourceCodester Medicine Tracking System 1.0 - SQL Injection via Master.php id/name/description Parameters
CVSS 6.3
CVE-2023-52096 HIGH
SteVe Community ocpp-jaxb <0.0.8 - SQL Injection
CVSS 7.5
CVE-2023-5674 HIGH
WP Mail Log < 1.1.3 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-5645 HIGH
WP Mail Log < 1.1.3 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-5203 HIGH
WP Sessions Time Monitoring Full Automatic < 1.0.9 - Unauthenticated SQL Injection via Request URL or Query Parameters
CVSS 7.5
CVE-2023-7111 MEDIUM
Library Management System 2.0 - SQL Injection via Category Parameter
CVSS 6.3
CVE-2023-49954 CRITICAL
3CX < 18.0.9.23 and 20 < 20.0.0.1494 - SQL Injection via CRM Integration
CVSS 9.8
CVE-2023-7100 MEDIUM
PHPGurukul Restaurant Table Booking System 1.0 - SQL Injection via fdate/tdate Parameters
CVSS 6.3
CVE-2023-7099 MEDIUM
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection via fromdate Parameter
CVSS 6.3
CVE-2023-7097 MEDIUM
Water Billing System 1.0 - SQL Injection via owners_id Parameter in addbill.php
CVSS 6.3
CVE-2023-7096 MEDIUM
Faculty Management System 1.0 - SQL Injection via crud.php fieldname/tablename Parameter
CVSS 4.7
CVE-2023-51448 HIGH
Cacti 1.2.25 - Authenticated Blind SQL Injection via SNMP Notification Receivers
CVSS 8.8
CVE-2023-49085 HIGH
Cacti < 1.2.25 - Authenticated SQL Injection via pollers.php
CVSS 8.8
Details
Vulnerabilities 19,730
Exploit Likelihood High