CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,737 vulnerabilities with CWE-89
CVE-2023-5281
MEDIUM
SourceCodester Engineers Online Portal 1.0 - SQL Injection via remove_inbox_message.php id Parameter
CVSS 6.3
CVE-2023-5280
MEDIUM
Engineers Online Portal 1.0 - SQL Injection via my_students.php id Parameter
CVSS 6.3
CVE-2023-5279
MEDIUM
Engineers Online Portal 1.0 - SQL Injection via teacher_class_student_id Parameter
CVSS 6.3
CVE-2023-5278
MEDIUM
SourceCodester Engineers Online Portal 1.0 - SQL Injection via login.php Username/Password Parameter
CVSS 6.3
CVE-2023-5276
MEDIUM
SourceCodester Engineers Online Portal 1.0 - SQL Injection via downloadable_student.php id Parameter
CVSS 6.3
CVE-2023-5272
MEDIUM
Best Courier Management System 1.0 - SQL Injection via edit_parcel.php id Parameter
CVSS 5.5
CVE-2023-5271
MEDIUM
Best Courier Management System 1.0 - SQL Injection via edit_parcel.php Email Parameter
CVSS 5.5
CVE-2023-5270
MEDIUM
Best Courier Management System 1.0 - SQL Injection via view_parcel.php id Parameter
CVSS 5.5
CVE-2023-5269
MEDIUM
Best Courier Management System 1.0 - SQL Injection via Parcel List GET Parameter
CVSS 5.5
CVE-2023-5268
MEDIUM
DedeBIZ 6.2 - SQL Injection via mktime Parameter in makehtml_taglist_action.php
CVSS 6.3
CVE-2023-5267
MEDIUM
Tongda OA < 11.10 - SQL Injection via EXPERT_ID Parameter in hr_pool/delete.php
CVSS 5.5
CVE-2023-5266
MEDIUM
DedeBIZ 6.2 - SQL Injection via tags_main.php ids Parameter
CVSS 6.3
CVE-2023-5265
MEDIUM
Tongda OA < 11.10 - SQL Injection via TRANSFER_ID Parameter
CVSS 5.5
CVE-2023-5264
MEDIUM
huakecms 3.0 - SQL Injection via cid Parameter in /admin/cms_content.php
CVSS 6.3
CVE-2023-43909
CRITICAL
Hospital Management System - SQL Injection
CVSS 9.1
CVE-2023-5261
MEDIUM
Tongda OA < 11.10 - SQL Injection via EVALUATION_ID Parameter
CVSS 5.5
CVE-2023-5260
MEDIUM
SourceCodester Simple Membership System 1.0 - SQL Injection via group_validator.php club_id Parameter
CVSS 6.3
CVE-2023-5258
MEDIUM
OpenRapid RapidCMS 1.3.1 - SQL Injection via /resource/addgood.php id Parameter
CVSS 6.3
CVE-2023-44166
CRITICAL
Online Movie Ticket Booking System - SQL Injection via Age Parameter
CVSS 9.8
CVE-2023-44164
CRITICAL
Online Movie Ticket Booking System - SQL Injection via Email Parameter
CVSS 9.8
CVE-2023-44163
CRITICAL
Online Movie Ticket Booking System - SQL Injection via Search Parameter
CVSS 9.8
CVE-2023-43739
CRITICAL
online_book_store_project - SQL Injection via bookisbn Parameter
CVSS 9.8
CVE-2023-43014
HIGH
Asset Management System v1.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-5053
CRITICAL
Hospital management system <378c157 - Auth Bypass
CVSS 9.8
CVE-2023-5004
CRITICAL
Hospital Management System in PHP - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,737
Exploit Likelihood
High