CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,731 vulnerabilities with CWE-89
CVE-2023-46700 CRITICAL
LuxCal Web Calendar <5.2.4M/5.2.4L - SQL Injection
CVSS 9.8
CVE-2023-22275 HIGH
Adobe RoboHelp Server <11.4 - SQL Injection
CVSS 7.5
CVE-2023-22268 MEDIUM
Adobe RoboHelp Server <11.4 - SQL Injection
CVSS 6.5
CVE-2023-45387 CRITICAL
MyPrestaModules Export Products < 5.1.0 - Unauthenticated SQL Injection via exportProduct::_addDataToDb()
CVSS 9.8
CVE-2023-48078 CRITICAL
Simple CRUD Functionality 1.0 - SQL Injection via Title Parameter
CVSS 9.8
CVE-2023-47637 HIGH
pimcore < 11.1.1 - Authenticated SQL Injection via Grid Proxy Endpoint
CVSS 8.8
CVE-2023-47445 CRITICAL
Pre-School Enrollment System 1.0 - SQL Injection via Username Parameter
CVSS 9.8
CVE-2023-40923 HIGH
MyPrestaModules ordersexport <5.0 - SQL Injection
CVSS 8.8
CVE-2023-47308 CRITICAL
Activedesign Newsletterpop < 2.4.53 - SQL Injection
CVSS 9.8
CVE-2023-43979 CRITICAL
ETS Soft ybc_blog <4.4.0 - SQL Injection
CVSS 9.8
CVE-2023-46582 HIGH
Inventory Management <1.0 - SQL Injection
CVSS 7.8
CVE-2023-46581 MEDIUM
Inventory Management <1.0 - SQL Injection
CVSS 5.5
CVE-2023-46025 MEDIUM
phpgurukul Teacher Subject Allocation Management System 1.0 - SQL Injection via editid Parameter
CVSS 4.9
CVE-2023-46024 HIGH
phpgurukul Teacher Subject Allocation Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.5
CVE-2023-46023 MEDIUM
Code-Projects Simple Task List 1.0 - Info Disclosure
CVSS 6.5
CVE-2023-46022 HIGH
Code-Projects Blood Bank 1.0 - SQL Injection
CVSS 7.8
CVE-2023-34991 CRITICAL
FortiWLM 8.2.2-8.6.5 - SQL Injection via Crafted HTTP Request
CVSS 9.8
CVE-2023-45684 HIGH
CFEngine 3.6.0-3.18.5 - SQL Injection in Mission Portal Login Page
CVSS 7.5
CVE-2023-46097 MEDIUM
SIMATIC PCS neo <V4.1 - SQL Injection
CVSS 6.3
CVE-2023-47609 HIGH
oss_calendar < 2.0.3 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-46021 MEDIUM
Code-Projects Blood Bank 1.0 - SQL Injection
CVSS 5.5
CVE-2023-46018 MEDIUM
Code-Projects Blood Bank 1.0 - SQL Injection
CVSS 5.5
CVE-2023-46017 MEDIUM
Code-Projects Blood Bank 1.0 - SQL Injection
CVSS 5.5
CVE-2023-46014 MEDIUM
Code-Projects Blood Bank 1.0 - SQL Injection
CVSS 5.5
CVE-2023-6097 CRITICAL
ICS Business Manager 7.06.0028.7089 - SQL Injection
CVSS 9.4
Details
Vulnerabilities 19,731
Exploit Likelihood High