CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,731 vulnerabilities with CWE-89
CVE-2023-49363 CRITICAL
rockoa < 2.3.3 - SQL Injection in reimpAction.php indexAction Method
CVSS 9.8
CVE-2023-6755 MEDIUM
DedeBIZ 6.2 - SQL Injection via endid Parameter in content_batchup_action.php
CVSS 4.7
CVE-2023-45800 HIGH
Hanbiro groupware 3.8.79-3.8.81.1 - SQL Injection
CVSS 7.5
CVE-2023-41623 HIGH
emlog pro2.1.14 - SQL Injection via uid Parameter
CVSS 7.2
CVE-2023-49581 MEDIUM
SAP NetWeaver Application Server ABAP - Unauthenticated SQL Injection and Data Manipulation
CVSS 4.1
CVE-2023-36652 MEDIUM
ProLion CryptoSpike 3.0.15P2 - SQL Injection
CVSS 4.3
CVE-2023-6035 HIGH
EazyDocs WordPress <2.3.4 - SQL Injection
CVSS 8.8
CVE-2023-6659 MEDIUM
Campcodes Web-Based Student Clearance System 1.0 - SQL Injection via login.php Student Parameter
CVSS 6.3
CVE-2023-6658 MEDIUM
SourceCodester Simple Student Attendance System 1.0 - SQL Injection
CVSS 5.5
CVE-2023-6657 MEDIUM
SourceCodester Simple Student Attendance System 1.0 - SQL Injection
CVSS 5.5
CVE-2023-6655 HIGH
Hongjing e-HR 2020 - SQL Injection
CVSS 7.3
CVE-2023-6652 HIGH
code-projects Matrimonial Site 1.0 - SQL Injection
CVSS 7.3
CVE-2023-6651 HIGH
code-projects Matrimonial Site 1.0 - SQL Injection
CVSS 7.3
CVE-2023-6648 HIGH
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-6647 HIGH
AMTT HiBOS 1.0 - SQL Injection via Type Argument
CVSS 7.3
CVE-2023-50429 CRITICAL
IzyBat Orange casiers < 20230803_1 - SQL Injection via getEnsemble.php ensemble Parameter
CVSS 9.1
CVE-2023-6619 MEDIUM
SourceCodester Simple Student Attendance System 1.0 - SQL Injection
CVSS 5.5
CVE-2023-6617 MEDIUM
SourceCodester Simple Student Attendance System 1.0 - SQL Injection
CVSS 5.5
CVE-2023-6611 MEDIUM
Tongda OA < 11.9 - SQL Injection via EMAIL_ID Parameter
CVSS 5.5
CVE-2023-6608 MEDIUM
Tongda OA < 11.9 - SQL Injection via DELETE_STR Parameter
CVSS 5.5
CVE-2023-6607 MEDIUM
Tongda OA 2017 <11.10 - SQL Injection
CVSS 5.5
CVE-2023-43743 HIGH
Zultys MX Firmware < 16.0.4 - Authenticated SQL Injection via /newapi/ Filter Parameter
CVSS 8.8
CVE-2023-5008 CRITICAL
Student Information System 1.0 - Unauthenticated SQL Injection via regno Parameter
CVSS 9.8
CVE-2023-6581 MEDIUM
D-Link DAR-7000 <20231126 - SQL Injection
CVSS 5.5
CVE-2023-6579 HIGH
osCommerce 4 - SQL Injection via estimate[country_id] Parameter
CVSS 7.3
Details
Vulnerabilities 19,731
Exploit Likelihood High