CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,731 vulnerabilities with CWE-89
CVE-2023-49363
CRITICAL
rockoa < 2.3.3 - SQL Injection in reimpAction.php indexAction Method
CVSS 9.8
CVE-2023-6755
MEDIUM
DedeBIZ 6.2 - SQL Injection via endid Parameter in content_batchup_action.php
CVSS 4.7
CVE-2023-45800
HIGH
Hanbiro groupware 3.8.79-3.8.81.1 - SQL Injection
CVSS 7.5
CVE-2023-41623
HIGH
emlog pro2.1.14 - SQL Injection via uid Parameter
CVSS 7.2
CVE-2023-49581
MEDIUM
SAP NetWeaver Application Server ABAP - Unauthenticated SQL Injection and Data Manipulation
CVSS 4.1
CVE-2023-36652
MEDIUM
ProLion CryptoSpike 3.0.15P2 - SQL Injection
CVSS 4.3
CVE-2023-6035
HIGH
EazyDocs WordPress <2.3.4 - SQL Injection
CVSS 8.8
CVE-2023-6659
MEDIUM
Campcodes Web-Based Student Clearance System 1.0 - SQL Injection via login.php Student Parameter
CVSS 6.3
CVE-2023-6658
MEDIUM
SourceCodester Simple Student Attendance System 1.0 - SQL Injection
CVSS 5.5
CVE-2023-6657
MEDIUM
SourceCodester Simple Student Attendance System 1.0 - SQL Injection
CVSS 5.5
CVE-2023-6655
HIGH
Hongjing e-HR 2020 - SQL Injection
CVSS 7.3
CVE-2023-6652
HIGH
code-projects Matrimonial Site 1.0 - SQL Injection
CVSS 7.3
CVE-2023-6651
HIGH
code-projects Matrimonial Site 1.0 - SQL Injection
CVSS 7.3
CVE-2023-6648
HIGH
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-6647
HIGH
AMTT HiBOS 1.0 - SQL Injection via Type Argument
CVSS 7.3
CVE-2023-50429
CRITICAL
IzyBat Orange casiers < 20230803_1 - SQL Injection via getEnsemble.php ensemble Parameter
CVSS 9.1
CVE-2023-6619
MEDIUM
SourceCodester Simple Student Attendance System 1.0 - SQL Injection
CVSS 5.5
CVE-2023-6617
MEDIUM
SourceCodester Simple Student Attendance System 1.0 - SQL Injection
CVSS 5.5
CVE-2023-6611
MEDIUM
Tongda OA < 11.9 - SQL Injection via EMAIL_ID Parameter
CVSS 5.5
CVE-2023-6608
MEDIUM
Tongda OA < 11.9 - SQL Injection via DELETE_STR Parameter
CVSS 5.5
CVE-2023-6607
MEDIUM
Tongda OA 2017 <11.10 - SQL Injection
CVSS 5.5
CVE-2023-43743
HIGH
Zultys MX Firmware < 16.0.4 - Authenticated SQL Injection via /newapi/ Filter Parameter
CVSS 8.8
CVE-2023-5008
CRITICAL
Student Information System 1.0 - Unauthenticated SQL Injection via regno Parameter
CVSS 9.8
CVE-2023-6581
MEDIUM
D-Link DAR-7000 <20231126 - SQL Injection
CVSS 5.5
CVE-2023-6579
HIGH
osCommerce 4 - SQL Injection via estimate[country_id] Parameter
CVSS 7.3
Details
Vulnerabilities
19,731
Exploit Likelihood
High