CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,735 vulnerabilities with CWE-89
CVE-2023-4598
HIGH
Slimstat Analytics <5.0.9 - SQL Injection
CVSS 8.8
CVE-2023-45376
CRITICAL
Carousels Pack < 1.5.1 - Unauthenticated SQL Injection via HiCpProductGetter::getViewedProduct()
CVSS 9.8
CVE-2023-45826
MEDIUM
Leantime < 2.4 - Authenticated SQL Injection via userId Parameter
CVSS 6.5
CVE-2023-45381
CRITICAL
Webshopworks Creativepopup < 1.6.10 - SQL Injection
CVSS 9.8
CVE-2023-43986
CRITICAL
DM Concept configurator <4.9.4 - SQL Injection
CVSS 9.8
CVE-2023-45379
CRITICAL
PosThemes posrotatorimg < 1.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-5204
CRITICAL
WPBot AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via $strid
CVSS 9.8
CVE-2023-5336
HIGH
iPanorama 360 - WordPress Virtual Tour Builder < 1.8.0 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-46007
CRITICAL
Sourcecodester Best Courier Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-46006
CRITICAL
Sourcecodester Best Courier Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-46005
CRITICAL
Sourcecodester Best Courier Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-43794
MEDIUM
Nocodb < 0.111.0 - Authenticated SQL Injection via Crafted Payload
CVSS 6.5
CVE-2023-45951
CRITICAL
lylme_spage v1.7.0 - SQL Injection via $userip Parameter
CVSS 9.8
CVE-2023-44694
CRITICAL
D-Link DAR-7000 V31R02B1413C - SQL Injection via mailrecvview.php
CVSS 9.8
CVE-2023-44693
CRITICAL
D-Link DAR-7000 V31R02B1413C - SQL Injection via importexport.php
CVSS 9.8
CVE-2023-45386
CRITICAL
MyPresta Product Extra Tabs Pro < 2.2.8 - SQL Injection via searchcategory/searchproduct/searchmanufacturer
CVSS 9.8
CVE-2023-45375
HIGH
PireosPay < 1.7.10 - Unauthenticated SQL Injection via PireosPayValidationModuleFrontController
CVSS 8.8
CVE-2023-34210
HIGH
EasyUse MailHunter Ultimate < 2023 - Authenticated SQL Injection via ctl00$ContentPlaceHolder1$txtCustSQL Parameter
CVSS 7.7
CVE-2023-40852
CRITICAL
User Registration & Login and User Management System With Admin Panel 3.0 - SQL Injection via Admin Username Field
CVSS 9.8
CVE-2023-4776
HIGH
wpschoolpress < 2.2.5 - Authenticated SQL Injection via Unquoted Field
CVSS 8.8
CVE-2023-5591
MEDIUM
librenms/librenms < 23.10.0 - SQL Injection
CVSS 6.5
CVE-2023-5589
HIGH
Judging Management System 1.0 - SQL Injection via login.php Password Parameter
CVSS 7.3
CVE-2023-5587
MEDIUM
Free Hospital Management System for Small Practices 1.0 - SQL Injection via search Parameter in Parameter Handler
CVSS 6.3
CVE-2023-5580
MEDIUM
SourceCodester Library System 1.0 - SQL Injection via Category Parameter
CVSS 6.3
CVE-2023-30154
CRITICAL
AfterMail < 2.2.1 - SQL Injection via id_customer, id_conf, id_product, and token Parameters
CVSS 9.8
Details
Vulnerabilities
19,735
Exploit Likelihood
High