CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,731 vulnerabilities with CWE-89
CVE-2023-46700
CRITICAL
LuxCal Web Calendar <5.2.4M/5.2.4L - SQL Injection
CVSS 9.8
CVE-2023-22275
HIGH
Adobe RoboHelp Server <11.4 - SQL Injection
CVSS 7.5
CVE-2023-22268
MEDIUM
Adobe RoboHelp Server <11.4 - SQL Injection
CVSS 6.5
CVE-2023-45387
CRITICAL
MyPrestaModules Export Products < 5.1.0 - Unauthenticated SQL Injection via exportProduct::_addDataToDb()
CVSS 9.8
CVE-2023-48078
CRITICAL
Simple CRUD Functionality 1.0 - SQL Injection via Title Parameter
CVSS 9.8
CVE-2023-47637
HIGH
pimcore < 11.1.1 - Authenticated SQL Injection via Grid Proxy Endpoint
CVSS 8.8
CVE-2023-47445
CRITICAL
Pre-School Enrollment System 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2023-40923
HIGH
MyPrestaModules ordersexport <5.0 - SQL Injection
CVSS 8.8
CVE-2023-47308
CRITICAL
Activedesign Newsletterpop < 2.4.53 - SQL Injection
CVSS 9.8
CVE-2023-43979
CRITICAL
ETS Soft ybc_blog <4.4.0 - SQL Injection
CVSS 9.8
CVE-2023-46582
HIGH
Inventory Management <1.0 - SQL Injection
CVSS 7.8
CVE-2023-46581
MEDIUM
Inventory Management <1.0 - SQL Injection
CVSS 5.5
CVE-2023-46025
MEDIUM
phpgurukul Teacher Subject Allocation Management System 1.0 - SQL Injection via editid Parameter
CVSS 4.9
CVE-2023-46024
HIGH
phpgurukul Teacher Subject Allocation Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.5
CVE-2023-46023
MEDIUM
Code-Projects Simple Task List 1.0 - Info Disclosure
CVSS 6.5
CVE-2023-46022
HIGH
Code-Projects Blood Bank 1.0 - SQL Injection
CVSS 7.8
CVE-2023-34991
CRITICAL
FortiWLM 8.2.2-8.6.5 - SQL Injection via Crafted HTTP Request
CVSS 9.8
CVE-2023-45684
HIGH
CFEngine 3.6.0-3.18.5 - SQL Injection in Mission Portal Login Page
CVSS 7.5
CVE-2023-46097
MEDIUM
SIMATIC PCS neo <V4.1 - SQL Injection
CVSS 6.3
CVE-2023-47609
HIGH
oss_calendar < 2.0.3 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-46021
MEDIUM
Code-Projects Blood Bank 1.0 - SQL Injection
CVSS 5.5
CVE-2023-46018
MEDIUM
Code-Projects Blood Bank 1.0 - SQL Injection
CVSS 5.5
CVE-2023-46017
MEDIUM
Code-Projects Blood Bank 1.0 - SQL Injection
CVSS 5.5
CVE-2023-46014
MEDIUM
Code-Projects Blood Bank 1.0 - SQL Injection
CVSS 5.5
CVE-2023-6097
CRITICAL
ICS Business Manager 7.06.0028.7089 - SQL Injection
CVSS 9.4
Details
Vulnerabilities
19,731
Exploit Likelihood
High