CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,735 vulnerabilities with CWE-89
CVE-2023-45338 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via 'id' Parameter
CVSS 9.8
CVE-2023-45344 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via *_balance Parameter
CVSS 9.8
CVE-2023-45343 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via Ticket ID Parameter
CVSS 9.8
CVE-2023-45342 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via Phone Parameter
CVSS 9.8
CVE-2023-45341 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via Menu Router Price Parameter
CVSS 9.8
CVE-2023-45340 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via Phone Parameter
CVSS 9.8
CVE-2023-45336 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via Password Parameter
CVSS 9.8
CVE-2023-45334 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via Edit-Orders Status Parameter
CVSS 9.8
CVE-2023-45325 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via Address Parameter
CVSS 9.8
CVE-2023-45323 CRITICAL
Online Food Ordering System 1.0 - Unauthenticated SQL Injection via Name Parameter
CVSS 9.8
CVE-2023-29047 MEDIUM
Open-Xchange AppSuite < 7.10.6 - SQL Injection via Imageconverter API
CVSS 5.3
CVE-2023-26454 HIGH
open-xchange_appsuite < 7.10.6 - SQL Injection via Image Metadata Fetch Request
CVSS 7.6
CVE-2023-26453 HIGH
Open-Xchange AppSuite < 7.10.6 - SQL Injection via Image Cache Request
CVSS 7.6
CVE-2023-26452 HIGH
open-xchange_appsuite < 7.10.6 - SQL Injection via Image Metadata Caching
CVSS 7.6
CVE-2023-5918 MEDIUM
SourceCodester Visitor Management System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2023-45019 CRITICAL
Online Bus Booking System 1.0 - Unauthenticated SQL Injection via Category Parameter
CVSS 9.8
CVE-2023-45018 CRITICAL
Online Bus Booking System 1.0 - Unauthenticated SQL Injection via Username Parameter
CVSS 9.8
CVE-2023-45015 CRITICAL
Online Bus Booking System 1.0 - Unauthenticated SQL Injection via Date Parameter
CVSS 9.8
CVE-2023-45012 CRITICAL
Online Bus Booking System 1.0 - Unauthenticated SQL Injection via user_email Parameter
CVSS 9.8
CVE-2023-45111 CRITICAL
Online Examination System 1.0 - Unauthenticated SQL Injection via Email Parameter in feed.php
CVSS 9.8
CVE-2023-44025 CRITICAL
Addifyfreegifts <1.0.2 - SQL Injection
CVSS 9.8
CVE-2023-46482 CRITICAL
wuzhicms 4.1.0 - SQL Injection via Database Backup Functionality
CVSS 9.8
CVE-2023-37966 HIGH
Solwin Infotech User Activity Log < 1.6.2 - SQL Injection
CVSS 7.6
CVE-2023-36508 HIGH
BestWebSoft Contact Form to DB <1.7.1 - SQL Injection
CVSS 7.6
CVE-2023-35879 HIGH
WooCommerce Product Vendors < 2.1.78 - SQL Injection
CVSS 7.6
Details
Vulnerabilities 19,735
Exploit Likelihood High