CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,731 vulnerabilities with CWE-89
CVE-2023-6885 MEDIUM
Tongda OA < 11.10 - SQL Injection via DELETE_STR Parameter
CVSS 5.5
CVE-2023-30867 MEDIUM
Apache StreamPark 2.0.0-2.1.1 - SQL Injection via Fuzzy Search Parameter
CVSS 4.9
CVE-2023-48395 MEDIUM
Kaifa Technology WebITR - SQL Injection
CVSS 6.5
CVE-2023-48384 CRITICAL
ArmorX SpamTrap - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-48372 CRITICAL
ITPison OMICARD EDM - Unauthenticated SQL Injection via SMS Function
CVSS 9.8
CVE-2023-48050 CRITICAL
Cams Biometrics Zkteco eSSL Cams Biometrics Integration Module 13.0-16.0.1 - SQL Injection via db Parameter
CVSS 9.8
CVE-2023-40954 CRITICAL
Grzegorz Marczynski Dynamic Progress Bar <16.0.2.1 - SQL Injection
CVSS 9.8
CVE-2023-48049 CRITICAL
Cybrosys website_blog_search 13.0-13.0.1.0.1 - SQL Injection via Name Parameter
CVSS 9.8
CVE-2023-44284 MEDIUM
Dell PowerProtect DD < 7.13.0.10 - SQL Injection
CVSS 4.3
CVE-2023-50563 CRITICAL
semcms v4.8 - SQL Injection via AID Parameter
CVSS 9.8
CVE-2023-50073 CRITICAL
EmpireCMS 7.5 - SQL Injection via ftppassword Parameter
CVSS 9.8
CVE-2023-49708 CRITICAL
Starshop 1.0.0-1.0.8 - SQL Injection
CVSS 9.8
CVE-2023-49707 CRITICAL
S5 Register 1.0.0-<3.0.0 - SQL Injection
CVSS 9.8
CVE-2023-48925 CRITICAL
Buy Addons Bavideotab <1.0.6 - SQL Injection
CVSS 9.8
CVE-2023-46348 CRITICAL
SunnyToo <1.1.13 - Privilege Escalation
CVSS 9.8
CVE-2023-40629 CRITICAL
LMS King Lite 1.0.0-3.3.01 - SQL Injection
CVSS 9.8
CVE-2023-48084 CRITICAL
Nagios XI < 5.11.3 - SQL Injection via Bulk Modification Tool
CVSS 9.8
CVE-2023-25651 MEDIUM
ZTE MF833U1 and MF286R Firmware - Authenticated SQL Injection via SMS Interface Parameter
CVSS 4.3
CVE-2023-49934 CRITICAL
SchedMD Slurm 23.11.x - SQL Injection
CVSS 9.8
CVE-2023-40921 CRITICAL
Common Services soliberte <4.3.03 - SQL Injection
CVSS 9.8
CVE-2023-6772 MEDIUM
OTCMS 7.01 - SQL Injection via sqlContent Parameter in ind_backstage.php
CVSS 4.7
CVE-2023-6771 MEDIUM
Simple Student Attendance System 1.0 - SQL Injection via sid Argument in save_attendance Function
CVSS 5.5
CVE-2023-46727 HIGH
GLPI 10.0.0-10.0.10 - SQL Injection via Inventory Endpoint
CVSS 8.6
CVE-2023-43813 MEDIUM
GLPI 10.0.0-10.0.10 - SQL Injection via Saved Search Feature
CVSS 6.5
CVE-2023-6765 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via email_setup.php name Argument
CVSS 5.5
Details
Vulnerabilities 19,731
Exploit Likelihood High