CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,735 vulnerabilities with CWE-89
CVE-2023-41891
LOW
flyteadmin < 1.1.124 - Authenticated SQL Injection via List Endpoint Filters
CVSS 3.5
CVE-2023-5315
HIGH
Google Maps made Simple < 0.6 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5252
MEDIUM
FareHarbor for WordPress <= 3.6.7 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2023-5836
MEDIUM
Task Reminder System 1.0 - SQL Injection via Users.php id Parameter
CVSS 6.3
CVE-2023-46490
MEDIUM
Cacti 1.2.25 - SQL Injection via form_actions() in managers.php
CVSS 6.5
CVE-2023-44480
HIGH
Leave Management System Project 1.0 - Authenticated SQL Injection via setcasualleave Parameter
CVSS 8.8
CVE-2023-5828
HIGH
Ontall Longxing Industrial Development Zone Project - SQL Injection
CVSS 7.3
CVE-2023-5827
MEDIUM
Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2 - SQL Injection via UserEdit.aspx ID Parameter
CVSS 5.5
CVE-2023-5826
MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via SessionId Parameter in list_onlineuser.php
CVSS 5.5
CVE-2023-5807
CRITICAL
TRtek Software Education Portal < 3.2023.29 - SQL Injection
CVSS 9.8
CVE-2023-5814
MEDIUM
SourceCodester Task Reminder System 1.0 - SQL Injection via /classes/Master.php id Parameter
CVSS 6.3
CVE-2023-5813
MEDIUM
SourceCodester Task Reminder System 1.0 - SQL Injection via /classes/Master.php id Parameter
CVSS 6.3
CVE-2023-5805
MEDIUM
Simple Real Estate Portal System 1.0 - SQL Injection via view_estate.php id Parameter
CVSS 6.3
CVE-2023-42406
CRITICAL
D-Link DAR-7000 V31R02B1413C - SQL Injection via editrole.php
CVSS 9.8
CVE-2023-46748
HIGH
KEV
BIG-IP - Authenticated SQL Injection
CVSS 8.8
CVE-2023-5804
HIGH
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2023-44267
CRITICAL
Online Art Gallery 1.0 - Unauthenticated SQL Injection via lnm Parameter
CVSS 9.8
CVE-2023-5794
HIGH
PHPGurukul Online Railway Catering System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2023-46435
CRITICAL
Sourcecodester Packers and Movers Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2023-5792
MEDIUM
Sticky Notes App 1.0 - SQL Injection via note Parameter in delete-note.php
CVSS 6.3
CVE-2023-5787
HIGH
Shaanxi Chanming Education Technology Score Query System 5.0 - SQL Injection via stuIdCard Parameter
CVSS 7.3
CVE-2023-5785
MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via messagecontent Parameter
CVSS 5.5
CVE-2023-5784
MEDIUM
Netentsec NS-ASG 6.3 SQL Injection via /protocol/firewall/uploadfirewall.php
CVSS 5.5
CVE-2023-5783
MEDIUM
Tongda OA < 11.10 - SQL Injection via flow/delete.php id/sort_parent Parameter
CVSS 6.3
CVE-2023-5782
MEDIUM
Tongda OA < 11.10 - SQL Injection via NEWS_ID Parameter in General News Component
CVSS 5.5
Details
Vulnerabilities
19,735
Exploit Likelihood
High