CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,730 vulnerabilities with CWE-89
CVE-2023-49689 CRITICAL
kashipara job_portal v1.0 - Unauthenticated SQL Injection via JobId Parameter
CVSS 9.8
CVE-2023-49688 CRITICAL
kashipara job_portal v1.0 - Unauthenticated SQL Injection via txtUser Parameter
CVSS 9.8
CVE-2023-49681 CRITICAL
Job Portal v1.0 - Unauthenticated SQL Injection via cmbQual Parameter
CVSS 9.8
CVE-2023-49677 CRITICAL
Job Portal v1.0 - Unauthenticated SQL Injection via cmbQual Parameter
CVSS 9.8
CVE-2023-48722 CRITICAL
Student Result Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-48720 CRITICAL
Student Result Management System v1.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-48718 CRITICAL
Student Result Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-48716 CRITICAL
Student Result Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-48689 CRITICAL
Railway Reservation System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-48687 CRITICAL
Railway Reservation System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-48685 CRITICAL
Railway Reservation System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-44482 HIGH
Leave Management System Project 1.0 - Authenticated SQL Injection via setsickleave Parameter
CVSS 8.8
CVE-2023-44481 HIGH
Leave Management System Project 1.0 - Authenticated SQL Injection via setearnleave Parameter
CVSS 8.8
CVE-2023-45121 HIGH
Online Examination System 1.0 - Authenticated SQL Injection via desc Parameter
CVSS 8.8
CVE-2023-45120 HIGH
Online Examination System 1.0 - Authenticated SQL Injection via qid Parameter
CVSS 8.8
CVE-2023-51052 CRITICAL
S-CMS 5.0 - SQL Injection via A_formauth Parameter
CVSS 9.8
CVE-2023-51051 CRITICAL
S-CMS 5.0 - SQL Injection via A_textauth Parameter
CVSS 9.8
CVE-2023-51050 CRITICAL
S-CMS 5.0 - SQL Injection via A_productauth Parameter
CVSS 9.8
CVE-2023-51049 CRITICAL
S-CMS 5.0 - SQL Injection via A_bbsauth Parameter
CVSS 9.8
CVE-2023-51048 CRITICAL
S-CMS 5.0 - SQL Injection via A_newsauth Parameter
CVSS 9.8
CVE-2023-45119 HIGH
Online Examination System 1.0 - Authenticated SQL Injection via Quiz Update Parameter
CVSS 8.8
CVE-2023-45118 HIGH
Online Examination System 1.0 - Authenticated SQL Injection via fdid Parameter
CVSS 8.8
CVE-2023-45117 HIGH
Online Examination System 1.0 - Authenticated SQL Injection via eid Parameter
CVSS 8.8
CVE-2023-45116 HIGH
Online Examination System 1.0 - Authenticated SQL Injection via demail Parameter
CVSS 8.8
CVE-2023-45115 HIGH
Online Examination System 1.0 - Authenticated SQL Injection via ch Parameter
CVSS 8.8
Details
Vulnerabilities 19,730
Exploit Likelihood High