CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,737 vulnerabilities with CWE-89
CVE-2023-43013 CRITICAL
Asset Management System v1.0 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-30415 CRITICAL
Sourcecodester Packers and Movers Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2023-38870 CRITICAL
gugoan Economizzer <0.9-beta1 - SQL Injection
CVSS 9.8
CVE-2023-43192 HIGH
SpringbootCMS 1.0 - SQL Injection
CVSS 8.8
CVE-2023-44047 HIGH
Sourcecodester Toll Tax Management System v1 - SQL Injection
CVSS 7.2
CVE-2023-4737 CRITICAL
Hedef Tracking Admin Panel < 1.2 - SQL Injection
CVSS 9.8
CVE-2023-44044 HIGH
Super Store Finder <3.6 - SQL Injection
CVSS 7.2
CVE-2023-43610 HIGH
Welcart e-Commerce <2.8.21 - SQL Injection
CVSS 8.8
CVE-2023-43493 MEDIUM
Welcart e-Commerce <2.8.21 - Info Disclosure
CVSS 4.9
CVE-2023-43381 HIGH
Tianchoy Blog <1.8.8 - Info Disclosure
CVSS 7.5
CVE-2023-42461 MEDIUM
GLPI 10.0.0-10.0.9 - SQL Injection via ITIL Actors Input Field
CVSS 6.5
CVE-2023-41320 HIGH
GLPI 10.0.0-10.0.9 - SQL Injection via UI Layout Preferences
CVSS 8.1
CVE-2023-40046 HIGH
WS_FTP Server < 8.7.4 - SQL Injection in Manager Interface
CVSS 8.2
CVE-2023-39378 HIGH
SiberianCMS 4.0.0-4.20.44 - Unauthenticated SQL Injection
CVSS 8.8
CVE-2023-35071 CRITICAL
MRV Logging Administration Panel < 20230915 - SQL Injection
CVSS 9.8
CVE-2023-43132 MEDIUM
szvone vmqphp <=1.13 - SQL Injection
CVSS 6.5
CVE-2023-39640 CRITICAL
UpLight cookiebanner < 1.5.1 - SQL Injection via Hook::getHookModuleExecList()
CVSS 9.8
CVE-2023-5153 MEDIUM
D-Link DAR-8000 <20151231 - SQL Injection
CVSS 6.3
CVE-2023-5152 MEDIUM
D-Link DAR-7000/DAR-8000 <20151231 - SQL Injection
CVSS 6.3
CVE-2023-5151 MEDIUM
D-Link DAR-8000 <20151231 - SQL Injection
CVSS 6.3
CVE-2023-43470 CRITICAL
Janobe Online Voting System <1.0 - RCE
CVSS 9.8
CVE-2023-43469 CRITICAL
Janobe Online Job Portal <2020 - SQL Injection
CVSS 9.8
CVE-2023-43468 CRITICAL
Janobe Online Job Portal <2020 - SQL Injection
CVSS 9.8
CVE-2023-40989 CRITICAL
jeecg-boot < 3.6.0 - SQL Injection via Report Query Field Endpoint
CVSS 9.8
CVE-2023-43640 MEDIUM
TaxonWorks < 0.34.0 - Authenticated SQL Injection
CVSS 6.5
Details
Vulnerabilities 19,737
Exploit Likelihood High