CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,735 vulnerabilities with CWE-89
CVE-2023-42284
CRITICAL
Tyk Gateway 5.0.3 - Blind SQL Injection via api_version Parameter
CVSS 9.8
CVE-2023-42283
CRITICAL
Tyk Gateway 5.0.3 - Blind SQL Injection via api_id Parameter
CVSS 9.8
CVE-2023-5082
HIGH
WordPress Plugin <1.0.13 - SQL Injection
CVSS 7.2
CVE-2023-46823
HIGH
Avirtum ImageLinks Interactive Image Builder <1.5.4 - SQL Injection
CVSS 7.6
CVE-2023-46821
HIGH
GD Security Headers <1.7 - SQL Injection
CVSS 7.6
CVE-2023-46084
HIGH
bPlugins LLC Icons Font Loader <1.1.2 - SQL Injection
CVSS 8.5
CVE-2023-45830
HIGH
Accessibility Suite by Online ADA <= 4.12 - SQL Injection
CVSS 8.5
CVE-2023-45657
HIGH
POSIMYTH Nexter <= 2.0.3 - SQL Injection
CVSS 8.5
CVE-2023-45074
HIGH
Advanced Page Visit Counter < 7.1.1 - SQL Injection
CVSS 8.5
CVE-2023-45069
HIGH
Video Gallery by Total-Soft < 2.1.3 - SQL Injection
CVSS 7.6
CVE-2023-45055
HIGH
MStore API < 4.0.6 - SQL Injection
CVSS 8.5
CVE-2023-45046
MEDIUM
Pressference Exporter < 1.0.3 - SQL Injection
CVSS 5.5
CVE-2023-45001
HIGH
Seriously Simple Stats <= 1.5.0 - SQL Injection
CVSS 8.5
CVE-2023-41685
HIGH
ilGhera Woocommerce Support System < 1.2.1 - SQL Injection
CVSS 7.6
CVE-2023-40609
HIGH
Contact form 7 Custom validation <= 1.1.3 - Unauthenticated SQL Injection
CVSS 8.2
CVE-2023-40207
HIGH
Donations Made Easy - Smart Donations < 4.0.12 - SQL Injection
CVSS 7.6
CVE-2023-38382
CRITICAL
Subscribe to Category <2.7.4 - SQL Injection
CVSS 9.8
CVE-2023-35911
HIGH
Contact Form Generator <2.6.0 - SQL Injection
CVSS 8.5
CVE-2023-33924
HIGH
Felix Welberg SIS Handball <1.0.45 - SQL Injection
CVSS 7.6
CVE-2023-28748
HIGH
Copy or Move Comments < 5.0.4 - SQL Injection
CVSS 8.5
CVE-2023-27605
MEDIUM
WP Reroute Email <= 1.4.6 - SQL Injection
CVSS 5.5
CVE-2023-46981
CRITICAL
Novel-Plus 4.2.0 - SQL Injection via Sort Parameter in Log List Endpoint
CVSS 9.8
CVE-2023-40922
CRITICAL
kerawen < 2.5.1 - SQL Injection via ocs_id_cart Parameter
CVSS 9.8
CVE-2023-40215
HIGH
demon image annotation < 5.1 - SQL Injection
CVSS 7.6
CVE-2023-38391
MEDIUM
Themesgrove Onepage Builder <2.4.1 - SQL Injection
CVSS 6.7
Details
Vulnerabilities
19,735
Exploit Likelihood
High