CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,737 vulnerabilities with CWE-89
CVE-2023-43013
CRITICAL
Asset Management System v1.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-30415
CRITICAL
Sourcecodester Packers and Movers Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2023-38870
CRITICAL
gugoan Economizzer <0.9-beta1 - SQL Injection
CVSS 9.8
CVE-2023-43192
HIGH
SpringbootCMS 1.0 - SQL Injection
CVSS 8.8
CVE-2023-44047
HIGH
Sourcecodester Toll Tax Management System v1 - SQL Injection
CVSS 7.2
CVE-2023-4737
CRITICAL
Hedef Tracking Admin Panel < 1.2 - SQL Injection
CVSS 9.8
CVE-2023-44044
HIGH
Super Store Finder <3.6 - SQL Injection
CVSS 7.2
CVE-2023-43610
HIGH
Welcart e-Commerce <2.8.21 - SQL Injection
CVSS 8.8
CVE-2023-43493
MEDIUM
Welcart e-Commerce <2.8.21 - Info Disclosure
CVSS 4.9
CVE-2023-43381
HIGH
Tianchoy Blog <1.8.8 - Info Disclosure
CVSS 7.5
CVE-2023-42461
MEDIUM
GLPI 10.0.0-10.0.9 - SQL Injection via ITIL Actors Input Field
CVSS 6.5
CVE-2023-41320
HIGH
GLPI 10.0.0-10.0.9 - SQL Injection via UI Layout Preferences
CVSS 8.1
CVE-2023-40046
HIGH
WS_FTP Server < 8.7.4 - SQL Injection in Manager Interface
CVSS 8.2
CVE-2023-39378
HIGH
SiberianCMS 4.0.0-4.20.44 - Unauthenticated SQL Injection
CVSS 8.8
CVE-2023-35071
CRITICAL
MRV Logging Administration Panel < 20230915 - SQL Injection
CVSS 9.8
CVE-2023-43132
MEDIUM
szvone vmqphp <=1.13 - SQL Injection
CVSS 6.5
CVE-2023-39640
CRITICAL
UpLight cookiebanner < 1.5.1 - SQL Injection via Hook::getHookModuleExecList()
CVSS 9.8
CVE-2023-5153
MEDIUM
D-Link DAR-8000 <20151231 - SQL Injection
CVSS 6.3
CVE-2023-5152
MEDIUM
D-Link DAR-7000/DAR-8000 <20151231 - SQL Injection
CVSS 6.3
CVE-2023-5151
MEDIUM
D-Link DAR-8000 <20151231 - SQL Injection
CVSS 6.3
CVE-2023-43470
CRITICAL
Janobe Online Voting System <1.0 - RCE
CVSS 9.8
CVE-2023-43469
CRITICAL
Janobe Online Job Portal <2020 - SQL Injection
CVSS 9.8
CVE-2023-43468
CRITICAL
Janobe Online Job Portal <2020 - SQL Injection
CVSS 9.8
CVE-2023-40989
CRITICAL
jeecg-boot < 3.6.0 - SQL Injection via Report Query Field Endpoint
CVSS 9.8
CVE-2023-43640
MEDIUM
TaxonWorks < 0.34.0 - Authenticated SQL Injection
CVSS 6.5
Details
Vulnerabilities
19,737
Exploit Likelihood
High