CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,730 vulnerabilities with CWE-89
CVE-2023-6145 CRITICAL
Softomi Advanced C2C Marketplace <12122023 - SQL Injection
CVSS 9.8
CVE-2023-7023 MEDIUM
Tongda OA < 11.9 - SQL Injection via VU_ID Parameter in general/vehicle/query/delete.php
CVSS 6.3
CVE-2023-7022 MEDIUM
Tongda OA < 11.9 - SQL Injection via DELETE_STR Parameter in delete_all.php
CVSS 6.3
CVE-2023-7021 MEDIUM
Tongda OA 2017-11.9 - SQL Injection via VU_ID Parameter in delete_search.php
CVSS 6.3
CVE-2023-7020 MEDIUM
Tongda OA < 11.9 - SQL Injection via TEMP_ID Parameter in view.php
CVSS 6.3
CVE-2023-48434 CRITICAL
Online Voting System Project v1.0 - SQL Injection
CVSS 9.8
CVE-2023-48433 CRITICAL
Online Voting System Project v1.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-47990 CRITICAL
CuppaCMS 1.0 - SQL Injection via Table Parameter
CVSS 9.8
CVE-2023-49752 CRITICAL
Adifier - Classified Ads WordPress Theme < 3.1.4 - SQL Injection
CVSS 9.3
CVE-2023-49166 HIGH
Magic Logix MSync <1.0.0 - SQL Injection
CVSS 7.6
CVE-2023-49161 HIGH
Guelben Bravo Translate <1.2 - SQL Injection
CVSS 7.6
CVE-2023-29432 HIGH
Favethemes Houzez < 2.8.3 - Unauthenticated SQL Injection
CVSS 8.2
CVE-2023-29096 HIGH
BestWebSoft Contact Form to DB <1.7.0 - SQL Injection
CVSS 8.5
CVE-2023-28788 HIGH
Advanced Page Visit Counter - SQL Injection
CVSS 7.1
CVE-2023-28491 MEDIUM
Tribulant Slideshow Gallery LITE <1.7.6 - SQL Injection
CVSS 6.7
CVE-2023-26525 HIGH
weDevs Dokan <3.7.12 - SQL Injection
CVSS 7.1
CVE-2023-30872 HIGH
BannerSky BSK Forms Blacklist <= 3.6.2 - SQL Injection
CVSS 7.6
CVE-2023-30750 HIGH
CM Popup Plugin for WordPress <= 1.5.10 - SQL Injection
CVSS 8.5
CVE-2023-30495 HIGH
Ultimate Addons for Contact Form 7 < 3.1.23 - SQL Injection
CVSS 8.5
CVE-2023-5011 HIGH
Student Information System 1.0 - Authenticated SQL Injection via coursename Parameter
CVSS 8.8
CVE-2023-5010 HIGH
Student Information System 1.0 - Authenticated SQL Injection via marks.php coursecode Parameter
CVSS 8.8
CVE-2023-5007 HIGH
Student Information System 1.0 - Authenticated SQL Injection via marks.php id Parameter
CVSS 8.8
CVE-2023-49825 HIGH
PenciDesign Soledad < 8.4.1 - SQL Injection
CVSS 8.5
CVE-2023-49776 CRITICAL
Sayfa Sayac < 2.6 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2023-35915 HIGH
WooPayments < 5.9.0 - SQL Injection
CVSS 7.6
Details
Vulnerabilities 19,730
Exploit Likelihood High