CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,730 vulnerabilities with CWE-89
CVE-2023-7126
MEDIUM
Automated Voting System 1.0 - SQL Injection via Admin Login Username Parameter
CVSS 6.3
CVE-2023-50855
HIGH
Pre* Party Resource Hints < 1.8.18 - SQL Injection
CVSS 7.6
CVE-2023-50854
HIGH
Squirrly SEO - Advanced Pack < 2.4.02 - SQL Injection
CVSS 7.6
CVE-2023-50853
HIGH
Advanced Form Integration < 1.75.0 - SQL Injection
CVSS 7.6
CVE-2023-50852
HIGH
StylemixThemes BookIt < 2.4.3 - SQL Injection
CVSS 7.6
CVE-2023-50851
HIGH
Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin < 1.6.6.1 - SQL Injection
CVSS 7.6
CVE-2023-50849
HIGH
E2Pdf - Export To Pdf Tool for WordPress <= 1.20.23 - SQL Injection
CVSS 7.6
CVE-2023-50848
HIGH
Aaron J 404 Solution <= 2.34.0 - SQL Injection
CVSS 7.6
CVE-2023-50857
HIGH
FunnelKit Recover WooCommerce Cart Abandonment <= 2.6.1 - SQL Injection
CVSS 7.6
CVE-2023-50856
HIGH
FunnelKit Funnel Builder for WordPress < 2.14.3 - SQL Injection
CVSS 7.6
CVE-2023-4671
CRITICAL
Talent Software ECOP < 32255 - SQL Injection
CVSS 9.8
CVE-2023-46989
HIGH
Innovadeluxe Quick Order < 1.4.0 - SQL Injection via getProducts() Function
CVSS 7.8
CVE-2023-7123
MEDIUM
SourceCodester Medicine Tracking System 1.0 - SQL Injection via Master.php id/name/description Parameters
CVSS 6.3
CVE-2023-52096
HIGH
SteVe Community ocpp-jaxb <0.0.8 - SQL Injection
CVSS 7.5
CVE-2023-5674
HIGH
WP Mail Log < 1.1.3 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-5645
HIGH
WP Mail Log < 1.1.3 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-5203
HIGH
WP Sessions Time Monitoring Full Automatic < 1.0.9 - Unauthenticated SQL Injection via Request URL or Query Parameters
CVSS 7.5
CVE-2023-7111
MEDIUM
Library Management System 2.0 - SQL Injection via Category Parameter
CVSS 6.3
CVE-2023-49954
CRITICAL
3CX < 18.0.9.23 and 20 < 20.0.0.1494 - SQL Injection via CRM Integration
CVSS 9.8
CVE-2023-7100
MEDIUM
PHPGurukul Restaurant Table Booking System 1.0 - SQL Injection via fdate/tdate Parameters
CVSS 6.3
CVE-2023-7099
MEDIUM
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection via fromdate Parameter
CVSS 6.3
CVE-2023-7097
MEDIUM
Water Billing System 1.0 - SQL Injection via owners_id Parameter in addbill.php
CVSS 6.3
CVE-2023-7096
MEDIUM
Faculty Management System 1.0 - SQL Injection via crud.php fieldname/tablename Parameter
CVSS 4.7
CVE-2023-51448
HIGH
Cacti 1.2.25 - Authenticated Blind SQL Injection via SNMP Notification Receivers
CVSS 8.8
CVE-2023-49085
HIGH
Cacti < 1.2.25 - Authenticated SQL Injection via pollers.php
CVSS 8.8
Details
Vulnerabilities
19,730
Exploit Likelihood
High