CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,737 vulnerabilities with CWE-89
CVE-2023-43144
CRITICAL
Assets-management-system-in-php 1.0 - SQL Injection
CVSS 9.8
CVE-2023-31719
CRITICAL
FUXA <= 1.1.12 - SQL Injection via /api/signin
CVSS 9.8
CVE-2023-31717
HIGH
FUXA <= 1.1.12 - SQL Injection
CVSS 7.5
CVE-2023-34576
CRITICAL
opartfaq < 1.0.4 - SQL Injection via updatepos.php
CVSS 9.8
CVE-2023-42279
CRITICAL
Dreamer CMS 4.1.3 - SQL Injection via Model-Form-Management-Field Form
CVSS 9.8
CVE-2023-42807
MEDIUM
Frappe LMS < 1.0.0 - SQL Injection via People Page
CVSS 6.3
CVE-2023-34577
CRITICAL
planned_popup < 1.4.12 - SQL Injection via OpartPlannedPopupModuleFrontController::prepareHook()
CVSS 9.8
CVE-2023-43274
HIGH
Phpjabbers PHP Shopping Cart 4.2 - SQL Injection
CVSS 7.5
CVE-2023-4292
MEDIUM
Frauscher Sensortechnik GmbH FDS101 - SQL Injection
CVSS 5.3
CVE-2023-39675
CRITICAL
SimpleImportProduct Prestashop Module 6.2.9 - SQL Injection via Key Parameter
CVSS 9.8
CVE-2023-34575
CRITICAL
Op'art Save Cart < 2.0.7 - SQL Injection
CVSS 9.8
CVE-2023-43377
MEDIUM
Hoteldruid 3.0.5 - Stored Cross-Site Scripting via destinatario_email1 Parameter
CVSS 5.4
CVE-2023-43375
CRITICAL
Hoteldruid 3.0.5 - SQL Injection via Multiple POST Parameters
CVSS 9.8
CVE-2023-43374
CRITICAL
Hoteldruid 3.0.5 - SQL Injection via id_utente_log Parameter
CVSS 9.8
CVE-2023-43373
CRITICAL
Hoteldruid 3.0.5 - SQL Injection via n_utente_agg Parameter
CVSS 9.8
CVE-2023-43371
CRITICAL
Hoteldruid 3.0.5 - SQL Injection via numcaselle Parameter
CVSS 9.8
CVE-2023-42660
HIGH
Progress MOVEit Transfer < 2021.1.8 - Authenticated SQL Injection via Machine Interface
CVSS 8.8
CVE-2023-40043
HIGH
Progress MOVEit Transfer < 2021.1.8 - Authenticated SQL Injection via Web Interface
CVSS 7.2
CVE-2023-40934
HIGH
Nagios XI < 5.11.2 - Authenticated SQL Injection via Host Escalation Notification Settings
CVSS 7.2
CVE-2023-40933
HIGH
Nagios XI < 5.11.2 - Authenticated SQL Injection via ID Parameter in update_banner_message()
CVSS 8.8
CVE-2023-40931
MEDIUM
Nagios XI 5.11.0-5.11.1 - Authenticated SQL Injection via Banner Message ID Parameter
CVSS 6.5
CVE-2023-4092
HIGH
Arconte Aurea 1.5.0.0 - SQL Injection
CVSS 8.8
CVE-2023-2567
HIGH
Nozomi Networks Guardian and CMC < 22.6.3 - Authenticated SQL Injection via Query Functionality
CVSS 8.8
CVE-2023-29245
HIGH
Nozomi Networks Guardian and CMC - SQL Injection
CVSS 8.1
CVE-2023-41387
CRITICAL
flutter_downloader <1.11.1 - SQL Injection
CVSS 9.1
Details
Vulnerabilities
19,737
Exploit Likelihood
High