CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,735 vulnerabilities with CWE-89
CVE-2023-42284 CRITICAL
Tyk Gateway 5.0.3 - Blind SQL Injection via api_version Parameter
CVSS 9.8
CVE-2023-42283 CRITICAL
Tyk Gateway 5.0.3 - Blind SQL Injection via api_id Parameter
CVSS 9.8
CVE-2023-5082 HIGH
WordPress Plugin <1.0.13 - SQL Injection
CVSS 7.2
CVE-2023-46823 HIGH
Avirtum ImageLinks Interactive Image Builder <1.5.4 - SQL Injection
CVSS 7.6
CVE-2023-46821 HIGH
GD Security Headers <1.7 - SQL Injection
CVSS 7.6
CVE-2023-46084 HIGH
bPlugins LLC Icons Font Loader <1.1.2 - SQL Injection
CVSS 8.5
CVE-2023-45830 HIGH
Accessibility Suite by Online ADA <= 4.12 - SQL Injection
CVSS 8.5
CVE-2023-45657 HIGH
POSIMYTH Nexter <= 2.0.3 - SQL Injection
CVSS 8.5
CVE-2023-45074 HIGH
Advanced Page Visit Counter < 7.1.1 - SQL Injection
CVSS 8.5
CVE-2023-45069 HIGH
Video Gallery by Total-Soft < 2.1.3 - SQL Injection
CVSS 7.6
CVE-2023-45055 HIGH
MStore API < 4.0.6 - SQL Injection
CVSS 8.5
CVE-2023-45046 MEDIUM
Pressference Exporter < 1.0.3 - SQL Injection
CVSS 5.5
CVE-2023-45001 HIGH
Seriously Simple Stats <= 1.5.0 - SQL Injection
CVSS 8.5
CVE-2023-41685 HIGH
ilGhera Woocommerce Support System < 1.2.1 - SQL Injection
CVSS 7.6
CVE-2023-40609 HIGH
Contact form 7 Custom validation <= 1.1.3 - Unauthenticated SQL Injection
CVSS 8.2
CVE-2023-40207 HIGH
Donations Made Easy - Smart Donations < 4.0.12 - SQL Injection
CVSS 7.6
CVE-2023-38382 CRITICAL
Subscribe to Category <2.7.4 - SQL Injection
CVSS 9.8
CVE-2023-35911 HIGH
Contact Form Generator <2.6.0 - SQL Injection
CVSS 8.5
CVE-2023-33924 HIGH
Felix Welberg SIS Handball <1.0.45 - SQL Injection
CVSS 7.6
CVE-2023-28748 HIGH
Copy or Move Comments < 5.0.4 - SQL Injection
CVSS 8.5
CVE-2023-27605 MEDIUM
WP Reroute Email <= 1.4.6 - SQL Injection
CVSS 5.5
CVE-2023-46981 CRITICAL
Novel-Plus 4.2.0 - SQL Injection via Sort Parameter in Log List Endpoint
CVSS 9.8
CVE-2023-40922 CRITICAL
kerawen < 2.5.1 - SQL Injection via ocs_id_cart Parameter
CVSS 9.8
CVE-2023-40215 HIGH
demon image annotation < 5.1 - SQL Injection
CVSS 7.6
CVE-2023-38391 MEDIUM
Themesgrove Onepage Builder <2.4.1 - SQL Injection
CVSS 6.7
Details
Vulnerabilities 19,735
Exploit Likelihood High