CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,737 vulnerabilities with CWE-89
CVE-2023-5281 MEDIUM
SourceCodester Engineers Online Portal 1.0 - SQL Injection via remove_inbox_message.php id Parameter
CVSS 6.3
CVE-2023-5280 MEDIUM
Engineers Online Portal 1.0 - SQL Injection via my_students.php id Parameter
CVSS 6.3
CVE-2023-5279 MEDIUM
Engineers Online Portal 1.0 - SQL Injection via teacher_class_student_id Parameter
CVSS 6.3
CVE-2023-5278 MEDIUM
SourceCodester Engineers Online Portal 1.0 - SQL Injection via login.php Username/Password Parameter
CVSS 6.3
CVE-2023-5276 MEDIUM
SourceCodester Engineers Online Portal 1.0 - SQL Injection via downloadable_student.php id Parameter
CVSS 6.3
CVE-2023-5272 MEDIUM
Best Courier Management System 1.0 - SQL Injection via edit_parcel.php id Parameter
CVSS 5.5
CVE-2023-5271 MEDIUM
Best Courier Management System 1.0 - SQL Injection via edit_parcel.php Email Parameter
CVSS 5.5
CVE-2023-5270 MEDIUM
Best Courier Management System 1.0 - SQL Injection via view_parcel.php id Parameter
CVSS 5.5
CVE-2023-5269 MEDIUM
Best Courier Management System 1.0 - SQL Injection via Parcel List GET Parameter
CVSS 5.5
CVE-2023-5268 MEDIUM
DedeBIZ 6.2 - SQL Injection via mktime Parameter in makehtml_taglist_action.php
CVSS 6.3
CVE-2023-5267 MEDIUM
Tongda OA < 11.10 - SQL Injection via EXPERT_ID Parameter in hr_pool/delete.php
CVSS 5.5
CVE-2023-5266 MEDIUM
DedeBIZ 6.2 - SQL Injection via tags_main.php ids Parameter
CVSS 6.3
CVE-2023-5265 MEDIUM
Tongda OA < 11.10 - SQL Injection via TRANSFER_ID Parameter
CVSS 5.5
CVE-2023-5264 MEDIUM
huakecms 3.0 - SQL Injection via cid Parameter in /admin/cms_content.php
CVSS 6.3
CVE-2023-43909 CRITICAL
Hospital Management System - SQL Injection
CVSS 9.1
CVE-2023-5261 MEDIUM
Tongda OA < 11.10 - SQL Injection via EVALUATION_ID Parameter
CVSS 5.5
CVE-2023-5260 MEDIUM
SourceCodester Simple Membership System 1.0 - SQL Injection via group_validator.php club_id Parameter
CVSS 6.3
CVE-2023-5258 MEDIUM
OpenRapid RapidCMS 1.3.1 - SQL Injection via /resource/addgood.php id Parameter
CVSS 6.3
CVE-2023-44166 CRITICAL
Online Movie Ticket Booking System - SQL Injection via Age Parameter
CVSS 9.8
CVE-2023-44164 CRITICAL
Online Movie Ticket Booking System - SQL Injection via Email Parameter
CVSS 9.8
CVE-2023-44163 CRITICAL
Online Movie Ticket Booking System - SQL Injection via Search Parameter
CVSS 9.8
CVE-2023-43739 CRITICAL
online_book_store_project - SQL Injection via bookisbn Parameter
CVSS 9.8
CVE-2023-43014 HIGH
Asset Management System v1.0 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-5053 CRITICAL
Hospital management system <378c157 - Auth Bypass
CVSS 9.8
CVE-2023-5004 CRITICAL
Hospital Management System in PHP - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,737
Exploit Likelihood High