CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,730 vulnerabilities with CWE-89
CVE-2023-6145
CRITICAL
Softomi Advanced C2C Marketplace <12122023 - SQL Injection
CVSS 9.8
CVE-2023-7023
MEDIUM
Tongda OA < 11.9 - SQL Injection via VU_ID Parameter in general/vehicle/query/delete.php
CVSS 6.3
CVE-2023-7022
MEDIUM
Tongda OA < 11.9 - SQL Injection via DELETE_STR Parameter in delete_all.php
CVSS 6.3
CVE-2023-7021
MEDIUM
Tongda OA 2017-11.9 - SQL Injection via VU_ID Parameter in delete_search.php
CVSS 6.3
CVE-2023-7020
MEDIUM
Tongda OA < 11.9 - SQL Injection via TEMP_ID Parameter in view.php
CVSS 6.3
CVE-2023-48434
CRITICAL
Online Voting System Project v1.0 - SQL Injection
CVSS 9.8
CVE-2023-48433
CRITICAL
Online Voting System Project v1.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-47990
CRITICAL
CuppaCMS 1.0 - SQL Injection via Table Parameter
CVSS 9.8
CVE-2023-49752
CRITICAL
Adifier - Classified Ads WordPress Theme < 3.1.4 - SQL Injection
CVSS 9.3
CVE-2023-49166
HIGH
Magic Logix MSync <1.0.0 - SQL Injection
CVSS 7.6
CVE-2023-49161
HIGH
Guelben Bravo Translate <1.2 - SQL Injection
CVSS 7.6
CVE-2023-29432
HIGH
Favethemes Houzez < 2.8.3 - Unauthenticated SQL Injection
CVSS 8.2
CVE-2023-29096
HIGH
BestWebSoft Contact Form to DB <1.7.0 - SQL Injection
CVSS 8.5
CVE-2023-28788
HIGH
Advanced Page Visit Counter - SQL Injection
CVSS 7.1
CVE-2023-28491
MEDIUM
Tribulant Slideshow Gallery LITE <1.7.6 - SQL Injection
CVSS 6.7
CVE-2023-26525
HIGH
weDevs Dokan <3.7.12 - SQL Injection
CVSS 7.1
CVE-2023-30872
HIGH
BannerSky BSK Forms Blacklist <= 3.6.2 - SQL Injection
CVSS 7.6
CVE-2023-30750
HIGH
CM Popup Plugin for WordPress <= 1.5.10 - SQL Injection
CVSS 8.5
CVE-2023-30495
HIGH
Ultimate Addons for Contact Form 7 < 3.1.23 - SQL Injection
CVSS 8.5
CVE-2023-5011
HIGH
Student Information System 1.0 - Authenticated SQL Injection via coursename Parameter
CVSS 8.8
CVE-2023-5010
HIGH
Student Information System 1.0 - Authenticated SQL Injection via marks.php coursecode Parameter
CVSS 8.8
CVE-2023-5007
HIGH
Student Information System 1.0 - Authenticated SQL Injection via marks.php id Parameter
CVSS 8.8
CVE-2023-49825
HIGH
PenciDesign Soledad < 8.4.1 - SQL Injection
CVSS 8.5
CVE-2023-49776
CRITICAL
Sayfa Sayac < 2.6 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2023-35915
HIGH
WooPayments < 5.9.0 - SQL Injection
CVSS 7.6
Details
Vulnerabilities
19,730
Exploit Likelihood
High