CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,737 vulnerabilities with CWE-89
CVE-2023-5580 MEDIUM
SourceCodester Library System 1.0 - SQL Injection via Category Parameter
CVSS 6.3
CVE-2023-30154 CRITICAL
AfterMail < 2.2.1 - SQL Injection via id_customer, id_conf, id_product, and token Parameters
CVSS 9.8
CVE-2023-45674 HIGH
Farmbot Web App < 15.8.4 - Authenticated SQL Injection
CVSS 7.7
CVE-2023-34976 CRITICAL
QNAP Video Station < 5.7.0 - Authenticated SQL Injection
CVSS 10.0
CVE-2023-34975 MEDIUM
QNAP Video Station < 5.7.0 - Authenticated OS Command Injection
CVSS 6.6
CVE-2023-45162 CRITICAL
1E Platform - Blind SQL Injection leading to Remote Code Execution
CVSS 9.9
CVE-2023-38250 HIGH
Adobe Commerce SQL Injection (2.4.7-beta1, 2.4.6-p2, 2.4.5-p4, 2.4.4-p5)
CVSS 8.0
CVE-2023-38249 HIGH
Adobe Commerce <=2.4.7-beta1, <=2.4.6-p2, <=2.4.5-p4, <=2.4.4-p5 - Authenticated SQL Injection
CVSS 8.0
CVE-2023-38221 HIGH
Adobe Commerce <=2.4.7-beta1, <=2.4.6-p2, <=2.4.5-p4, <=2.4.4-p5 - Authenticated SQL Injection
CVSS 8.0
CVE-2023-41262 CRITICAL
Plixer Scrutinizer <19.3.1 - SQL Injection
CVSS 9.8
CVE-2023-5046 CRITICAL
Biltay Technology Procost <1390 - SQL Injection
CVSS 9.8
CVE-2023-5045 CRITICAL
Biltay Technology Kayisi <1286 - SQL Injection
CVSS 9.8
CVE-2023-23737 CRITICAL
MainWP Broken Links Checker Extension <= 4.0 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2023-23651 HIGH
MainWP Google Analytics Extension <= 4.0.4 - Authenticated SQL Injection
CVSS 8.5
CVE-2023-44961 HIGH
Koha Library Software < 23.05.04 - SQL Injection via intranet/cgi bin/cataloging/ysearch.pl
CVSS 7.5
CVE-2023-5497 MEDIUM
Tongda OA 11.10 - SQL Injection via WELFARE_ID Parameter
CVSS 6.3
CVE-2023-4309 CRITICAL
ESC Internet Election Service - SQL Injection
CVSS 10.0
CVE-2023-5495 MEDIUM
QDocs Smart School 6.4.1 - SQL Injection via searchdata Parameter
CVSS 6.3
CVE-2023-5471 MEDIUM
farmacia 1.0 - SQL Injection via index.php usario/senha Parameter
CVSS 6.3
CVE-2023-43899 CRITICAL
hansuncms v1.0 - SQL Injection via /ajax/ajax_login.ashx
CVSS 9.8
CVE-2023-4530 CRITICAL
Turna Advertising <1.1 - SQL Injection
CVSS 9.8
CVE-2023-44024 CRITICAL
KnowBand One Page Checkout, Social Login & Mailchimp < 8.0.3 - SQL Injection via updateCheckoutBehaviour Function
CVSS 9.8
CVE-2023-43983 CRITICAL
Presto Changeo <2.0.3 - SQL Injection
CVSS 9.8
CVE-2023-40920 CRITICAL
Prixan prixanconnect <1.62 - SQL Injection
CVSS 9.8
CVE-2023-5423 MEDIUM
Online Pizza Ordering System 1.0 - SQL Injection via /admin/ajax.php id Parameter
CVSS 4.7
Details
Vulnerabilities 19,737
Exploit Likelihood High