CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,735 vulnerabilities with CWE-89
CVE-2023-35910
HIGH
Nucleus_genius Quasar form free - SQL Injection
CVSS 8.5
CVE-2023-32741
HIGH
Contact Form to Any API < 1.1.2 - SQL Injection
CVSS 7.6
CVE-2023-36677
HIGH
SP Project & Document Manager <4.67 - SQL Injection
CVSS 8.3
CVE-2023-36529
CRITICAL
Favethemes Houzez <1.3.4 - SQL Injection
CVSS 9.9
CVE-2023-34179
HIGH
Groundhogg < 2.7.11 - SQL Injection
CVSS 7.6
CVE-2023-32508
HIGH
Order Your Posts Manually < 2.2.5 - SQL Injection
CVSS 7.6
CVE-2023-32121
HIGH
Zero Spam for WordPress < 5.4.4 - SQL Injection
CVSS 7.6
CVE-2023-25990
HIGH
Tutor LMS < 2.1.10 - SQL Injection
CVSS 7.1
CVE-2023-25800
HIGH
Tutor LMS < 2.2.0 - SQL Injection
CVSS 8.1
CVE-2023-25700
HIGH
Themeum Tutor LMS < 2.1.10 - Unauthenticated SQL Injection
CVSS 8.2
CVE-2023-26015
HIGH
MapPress Maps for WordPress < 2.85.4 - Authenticated SQL Injection
CVSS 7.1
CVE-2023-25960
CRITICAL
Zendrop - Global Dropshipping <= 1.0.0 - SQL Injection
CVSS 10.0
CVE-2023-41652
HIGH
RSVPMaker < 10.6.6 - SQL Injection
CVSS 8.2
CVE-2023-34383
HIGH
weDevs WP Project Manager < 2.6.0 - SQL Injection
CVSS 8.5
CVE-2023-46954
CRITICAL
RelativityOne <12.1.537.3 - SQL Injection
CVSS 9.8
CVE-2023-5929
MEDIUM
Simple Student Information System 1.0 - SQL Injection via manage_academic.php id Parameter
CVSS 5.5
CVE-2023-5928
MEDIUM
Simple Student Information System 1.0 - SQL Injection via manage_department.php id Parameter
CVSS 5.5
CVE-2023-5927
MEDIUM
Simple Student Information System 1.0 - SQL Injection via manage_course.php id Parameter
CVSS 5.5
CVE-2023-5926
MEDIUM
Campcodes Simple Student Information System 1.0 - SQL Injection via student_id Parameter
CVSS 5.5
CVE-2023-5925
MEDIUM
Simple Student Information System 1.0 - SQL Injection via Master.php f Parameter
CVSS 5.5
CVE-2023-5924
MEDIUM
Campcodes Simple Student Information System 1.0 - SQL Injection via id Parameter in view_course.php
CVSS 5.5
CVE-2023-5923
MEDIUM
Simple Student Information System 1.0 - SQL Injection via /admin/index.php id Parameter
CVSS 5.5
CVE-2023-45347
CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via User Router Verified Parameter
CVSS 9.8
CVE-2023-45346
CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via User Router Role Parameter
CVSS 9.8
CVE-2023-45345
CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via user-router.php *_deleted Parameter
CVSS 9.8
Details
Vulnerabilities
19,735
Exploit Likelihood
High