CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,735 vulnerabilities with CWE-89
CVE-2023-41891 LOW
flyteadmin < 1.1.124 - Authenticated SQL Injection via List Endpoint Filters
CVSS 3.5
CVE-2023-5315 HIGH
Google Maps made Simple < 0.6 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-5252 MEDIUM
FareHarbor for WordPress <= 3.6.7 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2023-5836 MEDIUM
Task Reminder System 1.0 - SQL Injection via Users.php id Parameter
CVSS 6.3
CVE-2023-46490 MEDIUM
Cacti 1.2.25 - SQL Injection via form_actions() in managers.php
CVSS 6.5
CVE-2023-44480 HIGH
Leave Management System Project 1.0 - Authenticated SQL Injection via setcasualleave Parameter
CVSS 8.8
CVE-2023-5828 HIGH
Ontall Longxing Industrial Development Zone Project - SQL Injection
CVSS 7.3
CVE-2023-5827 MEDIUM
Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2 - SQL Injection via UserEdit.aspx ID Parameter
CVSS 5.5
CVE-2023-5826 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via SessionId Parameter in list_onlineuser.php
CVSS 5.5
CVE-2023-5807 CRITICAL
TRtek Software Education Portal < 3.2023.29 - SQL Injection
CVSS 9.8
CVE-2023-5814 MEDIUM
SourceCodester Task Reminder System 1.0 - SQL Injection via /classes/Master.php id Parameter
CVSS 6.3
CVE-2023-5813 MEDIUM
SourceCodester Task Reminder System 1.0 - SQL Injection via /classes/Master.php id Parameter
CVSS 6.3
CVE-2023-5805 MEDIUM
Simple Real Estate Portal System 1.0 - SQL Injection via view_estate.php id Parameter
CVSS 6.3
CVE-2023-42406 CRITICAL
D-Link DAR-7000 V31R02B1413C - SQL Injection via editrole.php
CVSS 9.8
CVE-2023-46748 HIGH KEV
BIG-IP - Authenticated SQL Injection
CVSS 8.8
CVE-2023-5804 HIGH
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2023-44267 CRITICAL
Online Art Gallery 1.0 - Unauthenticated SQL Injection via lnm Parameter
CVSS 9.8
CVE-2023-5794 HIGH
PHPGurukul Online Railway Catering System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2023-46435 CRITICAL
Sourcecodester Packers and Movers Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2023-5792 MEDIUM
Sticky Notes App 1.0 - SQL Injection via note Parameter in delete-note.php
CVSS 6.3
CVE-2023-5787 HIGH
Shaanxi Chanming Education Technology Score Query System 5.0 - SQL Injection via stuIdCard Parameter
CVSS 7.3
CVE-2023-5785 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via messagecontent Parameter
CVSS 5.5
CVE-2023-5784 MEDIUM
Netentsec NS-ASG 6.3 SQL Injection via /protocol/firewall/uploadfirewall.php
CVSS 5.5
CVE-2023-5783 MEDIUM
Tongda OA < 11.10 - SQL Injection via flow/delete.php id/sort_parent Parameter
CVSS 6.3
CVE-2023-5782 MEDIUM
Tongda OA < 11.10 - SQL Injection via NEWS_ID Parameter in General News Component
CVSS 5.5
Details
Vulnerabilities 19,735
Exploit Likelihood High