CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,731 vulnerabilities with CWE-89
CVE-2023-6410 CRITICAL
Voovi Social Networking Script <1.0 - SQL Injection
CVSS 9.8
CVE-2023-48742 HIGH
License Manager for WooCommerce <2.2.10 - SQL Injection
CVSS 7.6
CVE-2023-40056 HIGH
SolarWinds Platform < 2023.4.2 - Authenticated SQL Injection
CVSS 8.0
CVE-2023-48188 CRITICAL
op'art_devis 4.5.18-4.6.12 - SQL Injection via getModuleTranslation Function
CVSS 9.8
CVE-2023-46349 CRITICAL
MyPrestaModules <3.8.5 - SQL Injection
CVSS 9.8
CVE-2023-49030 HIGH
32ns KLive <2019-1-19 - Info Disclosure
CVSS 7.5
CVE-2023-6312 MEDIUM
SourceCodester Loan Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-6311 MEDIUM
SourceCodester Loan Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-6310 MEDIUM
SourceCodester Loan Management System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-6306 MEDIUM
Free and Open Source Inventory Management System 1.0 - SQL Injection via columns Parameter
CVSS 6.3
CVE-2023-6305 MEDIUM
Free and Open Source Inventory Management System 1.0 - SQL Injection via suppliar_data.php columns Parameter
CVSS 6.3
CVE-2023-6276 MEDIUM
Tongda OA < 11.10 - SQL Injection via PROJ_ID_STR Parameter
CVSS 6.3
CVE-2023-46575 CRITICAL
Meshery < 0.6.179 - SQL Injection via Order Parameter
CVSS 9.8
CVE-2023-3631 CRITICAL
Medart Notification Panel <20231123 - SQL Injection
CVSS 9.8
CVE-2023-3377 CRITICAL
Veribilim Software Computer Veribase <20231123 - SQL Injection
CVSS 9.8
CVE-2023-46357 CRITICAL
MyPrestaModules <3.5.0 - SQL Injection
CVSS 9.8
CVE-2023-45377 CRITICAL
Chronopost < 6.2.1 - Unauthenticated SQL Injection via cancelSkybill.php
CVSS 9.8
CVE-2023-5466 HIGH
Wp anything slider <= 9.1 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5465 HIGH
Popup with fancybox < 3.5 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-2841 HIGH
Advanced Local Pickup <1.5.5 - SQL Injection
CVSS 7.2
CVE-2023-2889 CRITICAL
Veon Computer Service Tracking Software <crm 2.0 - SQL Injection
CVSS 9.8
CVE-2023-5047 CRITICAL
DRD Fleet Leasing DRDrive <20231006 - SQL Injection
CVSS 9.8
CVE-2023-37924 CRITICAL
Apache Submarine 0.7.0-0.7.9 - SQL Injection via Login
CVSS 9.8
CVE-2023-5652 CRITICAL
WP Hotel Booking < 2.0.8 - Unauthenticated SQL Injection via admin_init Hook
CVSS 9.8
CVE-2023-5640 CRITICAL
Article Analytics < 1.0 - Unauthenticated SQL Injection via AJAX Action
CVSS 9.8
Details
Vulnerabilities 19,731
Exploit Likelihood High