CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,731 vulnerabilities with CWE-89
CVE-2023-6885
MEDIUM
Tongda OA < 11.10 - SQL Injection via DELETE_STR Parameter
CVSS 5.5
CVE-2023-30867
MEDIUM
Apache StreamPark 2.0.0-2.1.1 - SQL Injection via Fuzzy Search Parameter
CVSS 4.9
CVE-2023-48395
MEDIUM
Kaifa Technology WebITR - SQL Injection
CVSS 6.5
CVE-2023-48384
CRITICAL
ArmorX SpamTrap - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-48372
CRITICAL
ITPison OMICARD EDM - Unauthenticated SQL Injection via SMS Function
CVSS 9.8
CVE-2023-48050
CRITICAL
Cams Biometrics Zkteco eSSL Cams Biometrics Integration Module 13.0-16.0.1 - SQL Injection via db Parameter
CVSS 9.8
CVE-2023-40954
CRITICAL
Grzegorz Marczynski Dynamic Progress Bar <16.0.2.1 - SQL Injection
CVSS 9.8
CVE-2023-48049
CRITICAL
Cybrosys website_blog_search 13.0-13.0.1.0.1 - SQL Injection via Name Parameter
CVSS 9.8
CVE-2023-44284
MEDIUM
Dell PowerProtect DD < 7.13.0.10 - SQL Injection
CVSS 4.3
CVE-2023-50563
CRITICAL
semcms v4.8 - SQL Injection via AID Parameter
CVSS 9.8
CVE-2023-50073
CRITICAL
EmpireCMS 7.5 - SQL Injection via ftppassword Parameter
CVSS 9.8
CVE-2023-49708
CRITICAL
Starshop 1.0.0-1.0.8 - SQL Injection
CVSS 9.8
CVE-2023-49707
CRITICAL
S5 Register 1.0.0-<3.0.0 - SQL Injection
CVSS 9.8
CVE-2023-48925
CRITICAL
Buy Addons Bavideotab <1.0.6 - SQL Injection
CVSS 9.8
CVE-2023-46348
CRITICAL
SunnyToo <1.1.13 - Privilege Escalation
CVSS 9.8
CVE-2023-40629
CRITICAL
LMS King Lite 1.0.0-3.3.01 - SQL Injection
CVSS 9.8
CVE-2023-48084
CRITICAL
Nagios XI < 5.11.3 - SQL Injection via Bulk Modification Tool
CVSS 9.8
CVE-2023-25651
MEDIUM
ZTE MF833U1 and MF286R Firmware - Authenticated SQL Injection via SMS Interface Parameter
CVSS 4.3
CVE-2023-49934
CRITICAL
SchedMD Slurm 23.11.x - SQL Injection
CVSS 9.8
CVE-2023-40921
CRITICAL
Common Services soliberte <4.3.03 - SQL Injection
CVSS 9.8
CVE-2023-6772
MEDIUM
OTCMS 7.01 - SQL Injection via sqlContent Parameter in ind_backstage.php
CVSS 4.7
CVE-2023-6771
MEDIUM
Simple Student Attendance System 1.0 - SQL Injection via sid Argument in save_attendance Function
CVSS 5.5
CVE-2023-46727
HIGH
GLPI 10.0.0-10.0.10 - SQL Injection via Inventory Endpoint
CVSS 8.6
CVE-2023-43813
MEDIUM
GLPI 10.0.0-10.0.10 - SQL Injection via Saved Search Feature
CVSS 6.5
CVE-2023-6765
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via email_setup.php name Argument
CVSS 5.5
Details
Vulnerabilities
19,731
Exploit Likelihood
High