CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,731 vulnerabilities with CWE-89
CVE-2023-6410
CRITICAL
Voovi Social Networking Script <1.0 - SQL Injection
CVSS 9.8
CVE-2023-48742
HIGH
License Manager for WooCommerce <2.2.10 - SQL Injection
CVSS 7.6
CVE-2023-40056
HIGH
SolarWinds Platform < 2023.4.2 - Authenticated SQL Injection
CVSS 8.0
CVE-2023-48188
CRITICAL
op'art_devis 4.5.18-4.6.12 - SQL Injection via getModuleTranslation Function
CVSS 9.8
CVE-2023-46349
CRITICAL
MyPrestaModules <3.8.5 - SQL Injection
CVSS 9.8
CVE-2023-49030
HIGH
32ns KLive <2019-1-19 - Info Disclosure
CVSS 7.5
CVE-2023-6312
MEDIUM
SourceCodester Loan Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-6311
MEDIUM
SourceCodester Loan Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-6310
MEDIUM
SourceCodester Loan Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-6306
MEDIUM
Free and Open Source Inventory Management System 1.0 - SQL Injection via columns Parameter
CVSS 6.3
CVE-2023-6305
MEDIUM
Free and Open Source Inventory Management System 1.0 - SQL Injection via suppliar_data.php columns Parameter
CVSS 6.3
CVE-2023-6276
MEDIUM
Tongda OA < 11.10 - SQL Injection via PROJ_ID_STR Parameter
CVSS 6.3
CVE-2023-46575
CRITICAL
Meshery < 0.6.179 - SQL Injection via Order Parameter
CVSS 9.8
CVE-2023-3631
CRITICAL
Medart Notification Panel <20231123 - SQL Injection
CVSS 9.8
CVE-2023-3377
CRITICAL
Veribilim Software Computer Veribase <20231123 - SQL Injection
CVSS 9.8
CVE-2023-46357
CRITICAL
MyPrestaModules <3.5.0 - SQL Injection
CVSS 9.8
CVE-2023-45377
CRITICAL
Chronopost < 6.2.1 - Unauthenticated SQL Injection via cancelSkybill.php
CVSS 9.8
CVE-2023-5466
HIGH
Wp anything slider <= 9.1 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5465
HIGH
Popup with fancybox < 3.5 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-2841
HIGH
Advanced Local Pickup <1.5.5 - SQL Injection
CVSS 7.2
CVE-2023-2889
CRITICAL
Veon Computer Service Tracking Software <crm 2.0 - SQL Injection
CVSS 9.8
CVE-2023-5047
CRITICAL
DRD Fleet Leasing DRDrive <20231006 - SQL Injection
CVSS 9.8
CVE-2023-37924
CRITICAL
Apache Submarine 0.7.0-0.7.9 - SQL Injection via Login
CVSS 9.8
CVE-2023-5652
CRITICAL
WP Hotel Booking < 2.0.8 - Unauthenticated SQL Injection via admin_init Hook
CVSS 9.8
CVE-2023-5640
CRITICAL
Article Analytics < 1.0 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
Details
Vulnerabilities
19,731
Exploit Likelihood
High