CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,737 vulnerabilities with CWE-89
CVE-2023-5374 MEDIUM
SourceCodester Online Computer and Laptop Store 1.0 - SQL Injection via products.php c Parameter
CVSS 6.3
CVE-2023-5373 HIGH
SourceCodester Online Computer and Laptop Store 1.0 - SQL Injection via Master.php Email Parameter
CVSS 7.3
CVE-2023-4037 CRITICAL
Conacwin 3.7.1.2 - Blind SQL Injection via XML Parameter
CVSS 9.9
CVE-2023-3038 CRITICAL
HelpDezk Community <1.1.10 - SQL Injection
CVSS 9.8
CVE-2023-39647 CRITICAL
Theme Volty CMS Category Product < 4.0.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-39651 CRITICAL
Theme Volty CMS BrandList < 4.0.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-39649 CRITICAL
Theme Volty CMS Category Slider < 4.0.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-39648 CRITICAL
Theme Volty CMS Testimonial < 4.0.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-39646 CRITICAL
Theme Volty CMS Category Chain Slider < 4.0.1 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-39645 CRITICAL
Theme Volty CMS Payment Icon < 4.0.2 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-2681 HIGH
Jorani 1.0.0 - Authenticated SQL Injection via /leaves/validate id Parameter
CVSS 8.8
CVE-2023-5350 CRITICAL
SuiteCRM < 7.14.1 - SQL Injection
CVSS 9.1
CVE-2023-4103 HIGH
QSige - Authenticated SQL Injection
CVSS 8.8
CVE-2023-4102 HIGH
QSige - Authenticated SQL Injection
CVSS 8.8
CVE-2023-4098 HIGH
Web Application <version> - SQL Injection, DoS, Info Disclosure
CVSS 8.8
CVE-2023-43980 CRITICAL
Presto Changeo testsitecreator <1.1.1 - SQL Injection
CVSS 9.8
CVE-2023-43836 MEDIUM
jizhicms 2.4.9 - SQL Injection
CVSS 6.5
CVE-2023-5322 MEDIUM
D-Link DAR-7000 Firmware < 2015-12-31 - SQL Injection via sysmanage/edit_manageadmin.php id Parameter
CVSS 4.7
CVE-2023-5300 MEDIUM
TTSPlanning < 20230925 - SQL Injection via uid Argument
CVSS 6.3
CVE-2023-5298 MEDIUM
Tongda OA < 11.10 - SQL Injection via REQUIREMENTS_ID Parameter
CVSS 5.5
CVE-2023-5294 MEDIUM
ECshop 4.1.1 - SQL Injection via goods_id Parameter in /admin/order.php
CVSS 4.7
CVE-2023-5293 MEDIUM
ECshop 4.1.5 - SQL Injection via /admin/leancloud.php id Parameter
CVSS 4.7
CVE-2023-5285 MEDIUM
Tongda OA < 11.10 - SQL Injection via RECRUITMENT_ID Parameter
CVSS 6.3
CVE-2023-5283 MEDIUM
Engineers Online Portal 1.0 - SQL Injection via teacher_signup.php Firstname/Lastname Parameter
CVSS 6.3
CVE-2023-5282 MEDIUM
Engineers Online Portal 1.0 - SQL Injection via teacher_id Parameter
CVSS 6.3
Details
Vulnerabilities 19,737
Exploit Likelihood High