CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,737 vulnerabilities with CWE-89
CVE-2023-5580
MEDIUM
SourceCodester Library System 1.0 - SQL Injection via Category Parameter
CVSS 6.3
CVE-2023-30154
CRITICAL
AfterMail < 2.2.1 - SQL Injection via id_customer, id_conf, id_product, and token Parameters
CVSS 9.8
CVE-2023-45674
HIGH
Farmbot Web App < 15.8.4 - Authenticated SQL Injection
CVSS 7.7
CVE-2023-34976
CRITICAL
QNAP Video Station < 5.7.0 - Authenticated SQL Injection
CVSS 10.0
CVE-2023-34975
MEDIUM
QNAP Video Station < 5.7.0 - Authenticated OS Command Injection
CVSS 6.6
CVE-2023-45162
CRITICAL
1E Platform - Blind SQL Injection leading to Remote Code Execution
CVSS 9.9
CVE-2023-38250
HIGH
Adobe Commerce SQL Injection (2.4.7-beta1, 2.4.6-p2, 2.4.5-p4, 2.4.4-p5)
CVSS 8.0
CVE-2023-38249
HIGH
Adobe Commerce <=2.4.7-beta1, <=2.4.6-p2, <=2.4.5-p4, <=2.4.4-p5 - Authenticated SQL Injection
CVSS 8.0
CVE-2023-38221
HIGH
Adobe Commerce <=2.4.7-beta1, <=2.4.6-p2, <=2.4.5-p4, <=2.4.4-p5 - Authenticated SQL Injection
CVSS 8.0
CVE-2023-41262
CRITICAL
Plixer Scrutinizer <19.3.1 - SQL Injection
CVSS 9.8
CVE-2023-5046
CRITICAL
Biltay Technology Procost <1390 - SQL Injection
CVSS 9.8
CVE-2023-5045
CRITICAL
Biltay Technology Kayisi <1286 - SQL Injection
CVSS 9.8
CVE-2023-23737
CRITICAL
MainWP Broken Links Checker Extension <= 4.0 - Unauthenticated SQL Injection
CVSS 9.3
CVE-2023-23651
HIGH
MainWP Google Analytics Extension <= 4.0.4 - Authenticated SQL Injection
CVSS 8.5
CVE-2023-44961
HIGH
Koha Library Software < 23.05.04 - SQL Injection via intranet/cgi bin/cataloging/ysearch.pl
CVSS 7.5
CVE-2023-5497
MEDIUM
Tongda OA 11.10 - SQL Injection via WELFARE_ID Parameter
CVSS 6.3
CVE-2023-4309
CRITICAL
ESC Internet Election Service - SQL Injection
CVSS 10.0
CVE-2023-5495
MEDIUM
QDocs Smart School 6.4.1 - SQL Injection via searchdata Parameter
CVSS 6.3
CVE-2023-5471
MEDIUM
farmacia 1.0 - SQL Injection via index.php usario/senha Parameter
CVSS 6.3
CVE-2023-43899
CRITICAL
hansuncms v1.0 - SQL Injection via /ajax/ajax_login.ashx
CVSS 9.8
CVE-2023-4530
CRITICAL
Turna Advertising <1.1 - SQL Injection
CVSS 9.8
CVE-2023-44024
CRITICAL
KnowBand One Page Checkout, Social Login & Mailchimp < 8.0.3 - SQL Injection via updateCheckoutBehaviour Function
CVSS 9.8
CVE-2023-43983
CRITICAL
Presto Changeo <2.0.3 - SQL Injection
CVSS 9.8
CVE-2023-40920
CRITICAL
Prixan prixanconnect <1.62 - SQL Injection
CVSS 9.8
CVE-2023-5423
MEDIUM
Online Pizza Ordering System 1.0 - SQL Injection via /admin/ajax.php id Parameter
CVSS 4.7
Details
Vulnerabilities
19,737
Exploit Likelihood
High