CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,735 vulnerabilities with CWE-89
CVE-2023-35910 HIGH
Nucleus_genius Quasar form free - SQL Injection
CVSS 8.5
CVE-2023-32741 HIGH
Contact Form to Any API < 1.1.2 - SQL Injection
CVSS 7.6
CVE-2023-36677 HIGH
SP Project & Document Manager <4.67 - SQL Injection
CVSS 8.3
CVE-2023-36529 CRITICAL
Favethemes Houzez <1.3.4 - SQL Injection
CVSS 9.9
CVE-2023-34179 HIGH
Groundhogg < 2.7.11 - SQL Injection
CVSS 7.6
CVE-2023-32508 HIGH
Order Your Posts Manually < 2.2.5 - SQL Injection
CVSS 7.6
CVE-2023-32121 HIGH
Zero Spam for WordPress < 5.4.4 - SQL Injection
CVSS 7.6
CVE-2023-25990 HIGH
Tutor LMS < 2.1.10 - SQL Injection
CVSS 7.1
CVE-2023-25800 HIGH
Tutor LMS < 2.2.0 - SQL Injection
CVSS 8.1
CVE-2023-25700 HIGH
Themeum Tutor LMS < 2.1.10 - Unauthenticated SQL Injection
CVSS 8.2
CVE-2023-26015 HIGH
MapPress Maps for WordPress < 2.85.4 - Authenticated SQL Injection
CVSS 7.1
CVE-2023-25960 CRITICAL
Zendrop - Global Dropshipping <= 1.0.0 - SQL Injection
CVSS 10.0
CVE-2023-41652 HIGH
RSVPMaker < 10.6.6 - SQL Injection
CVSS 8.2
CVE-2023-34383 HIGH
weDevs WP Project Manager < 2.6.0 - SQL Injection
CVSS 8.5
CVE-2023-46954 CRITICAL
RelativityOne <12.1.537.3 - SQL Injection
CVSS 9.8
CVE-2023-5929 MEDIUM
Simple Student Information System 1.0 - SQL Injection via manage_academic.php id Parameter
CVSS 5.5
CVE-2023-5928 MEDIUM
Simple Student Information System 1.0 - SQL Injection via manage_department.php id Parameter
CVSS 5.5
CVE-2023-5927 MEDIUM
Simple Student Information System 1.0 - SQL Injection via manage_course.php id Parameter
CVSS 5.5
CVE-2023-5926 MEDIUM
Campcodes Simple Student Information System 1.0 - SQL Injection via student_id Parameter
CVSS 5.5
CVE-2023-5925 MEDIUM
Simple Student Information System 1.0 - SQL Injection via Master.php f Parameter
CVSS 5.5
CVE-2023-5924 MEDIUM
Campcodes Simple Student Information System 1.0 - SQL Injection via id Parameter in view_course.php
CVSS 5.5
CVE-2023-5923 MEDIUM
Simple Student Information System 1.0 - SQL Injection via /admin/index.php id Parameter
CVSS 5.5
CVE-2023-45347 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via User Router Verified Parameter
CVSS 9.8
CVE-2023-45346 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via User Router Role Parameter
CVSS 9.8
CVE-2023-45345 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via user-router.php *_deleted Parameter
CVSS 9.8
Details
Vulnerabilities 19,735
Exploit Likelihood High