CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,735 vulnerabilities with CWE-89
CVE-2023-4598 HIGH
Slimstat Analytics <5.0.9 - SQL Injection
CVSS 8.8
CVE-2023-45376 CRITICAL
Carousels Pack < 1.5.1 - Unauthenticated SQL Injection via HiCpProductGetter::getViewedProduct()
CVSS 9.8
CVE-2023-45826 MEDIUM
Leantime < 2.4 - Authenticated SQL Injection via userId Parameter
CVSS 6.5
CVE-2023-45381 CRITICAL
Webshopworks Creativepopup < 1.6.10 - SQL Injection
CVSS 9.8
CVE-2023-43986 CRITICAL
DM Concept configurator <4.9.4 - SQL Injection
CVSS 9.8
CVE-2023-45379 CRITICAL
PosThemes posrotatorimg < 1.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-5204 CRITICAL
WPBot AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via $strid
CVSS 9.8
CVE-2023-5336 HIGH
iPanorama 360 - WordPress Virtual Tour Builder < 1.8.0 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
CVE-2023-46007 CRITICAL
Sourcecodester Best Courier Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-46006 CRITICAL
Sourcecodester Best Courier Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-46005 CRITICAL
Sourcecodester Best Courier Management System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-43794 MEDIUM
Nocodb < 0.111.0 - Authenticated SQL Injection via Crafted Payload
CVSS 6.5
CVE-2023-45951 CRITICAL
lylme_spage v1.7.0 - SQL Injection via $userip Parameter
CVSS 9.8
CVE-2023-44694 CRITICAL
D-Link DAR-7000 V31R02B1413C - SQL Injection via mailrecvview.php
CVSS 9.8
CVE-2023-44693 CRITICAL
D-Link DAR-7000 V31R02B1413C - SQL Injection via importexport.php
CVSS 9.8
CVE-2023-45386 CRITICAL
MyPresta Product Extra Tabs Pro < 2.2.8 - SQL Injection via searchcategory/searchproduct/searchmanufacturer
CVSS 9.8
CVE-2023-45375 HIGH
PireosPay < 1.7.10 - Unauthenticated SQL Injection via PireosPayValidationModuleFrontController
CVSS 8.8
CVE-2023-34210 HIGH
EasyUse MailHunter Ultimate < 2023 - Authenticated SQL Injection via ctl00$ContentPlaceHolder1$txtCustSQL Parameter
CVSS 7.7
CVE-2023-40852 CRITICAL
User Registration & Login and User Management System With Admin Panel 3.0 - SQL Injection via Admin Username Field
CVSS 9.8
CVE-2023-4776 HIGH
wpschoolpress < 2.2.5 - Authenticated SQL Injection via Unquoted Field
CVSS 8.8
CVE-2023-5591 MEDIUM
librenms/librenms < 23.10.0 - SQL Injection
CVSS 6.5
CVE-2023-5589 HIGH
Judging Management System 1.0 - SQL Injection via login.php Password Parameter
CVSS 7.3
CVE-2023-5587 MEDIUM
Free Hospital Management System for Small Practices 1.0 - SQL Injection via search Parameter in Parameter Handler
CVSS 6.3
CVE-2023-5580 MEDIUM
SourceCodester Library System 1.0 - SQL Injection via Category Parameter
CVSS 6.3
CVE-2023-30154 CRITICAL
AfterMail < 2.2.1 - SQL Injection via id_customer, id_conf, id_product, and token Parameters
CVSS 9.8
Details
Vulnerabilities 19,735
Exploit Likelihood High