CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,737 vulnerabilities with CWE-89
CVE-2023-43144 CRITICAL
Assets-management-system-in-php 1.0 - SQL Injection
CVSS 9.8
CVE-2023-31719 CRITICAL
FUXA <= 1.1.12 - SQL Injection via /api/signin
CVSS 9.8
CVE-2023-31717 HIGH
FUXA <= 1.1.12 - SQL Injection
CVSS 7.5
CVE-2023-34576 CRITICAL
opartfaq < 1.0.4 - SQL Injection via updatepos.php
CVSS 9.8
CVE-2023-42279 CRITICAL
Dreamer CMS 4.1.3 - SQL Injection via Model-Form-Management-Field Form
CVSS 9.8
CVE-2023-42807 MEDIUM
Frappe LMS < 1.0.0 - SQL Injection via People Page
CVSS 6.3
CVE-2023-34577 CRITICAL
planned_popup < 1.4.12 - SQL Injection via OpartPlannedPopupModuleFrontController::prepareHook()
CVSS 9.8
CVE-2023-43274 HIGH
Phpjabbers PHP Shopping Cart 4.2 - SQL Injection
CVSS 7.5
CVE-2023-4292 MEDIUM
Frauscher Sensortechnik GmbH FDS101 - SQL Injection
CVSS 5.3
CVE-2023-39675 CRITICAL
SimpleImportProduct Prestashop Module 6.2.9 - SQL Injection via Key Parameter
CVSS 9.8
CVE-2023-34575 CRITICAL
Op'art Save Cart < 2.0.7 - SQL Injection
CVSS 9.8
CVE-2023-43377 MEDIUM
Hoteldruid 3.0.5 - Stored Cross-Site Scripting via destinatario_email1 Parameter
CVSS 5.4
CVE-2023-43375 CRITICAL
Hoteldruid 3.0.5 - SQL Injection via Multiple POST Parameters
CVSS 9.8
CVE-2023-43374 CRITICAL
Hoteldruid 3.0.5 - SQL Injection via id_utente_log Parameter
CVSS 9.8
CVE-2023-43373 CRITICAL
Hoteldruid 3.0.5 - SQL Injection via n_utente_agg Parameter
CVSS 9.8
CVE-2023-43371 CRITICAL
Hoteldruid 3.0.5 - SQL Injection via numcaselle Parameter
CVSS 9.8
CVE-2023-42660 HIGH
Progress MOVEit Transfer < 2021.1.8 - Authenticated SQL Injection via Machine Interface
CVSS 8.8
CVE-2023-40043 HIGH
Progress MOVEit Transfer < 2021.1.8 - Authenticated SQL Injection via Web Interface
CVSS 7.2
CVE-2023-40934 HIGH
Nagios XI < 5.11.2 - Authenticated SQL Injection via Host Escalation Notification Settings
CVSS 7.2
CVE-2023-40933 HIGH
Nagios XI < 5.11.2 - Authenticated SQL Injection via ID Parameter in update_banner_message()
CVSS 8.8
CVE-2023-40931 MEDIUM
Nagios XI 5.11.0-5.11.1 - Authenticated SQL Injection via Banner Message ID Parameter
CVSS 6.5
CVE-2023-4092 HIGH
Arconte Aurea 1.5.0.0 - SQL Injection
CVSS 8.8
CVE-2023-2567 HIGH
Nozomi Networks Guardian and CMC < 22.6.3 - Authenticated SQL Injection via Query Functionality
CVSS 8.8
CVE-2023-29245 HIGH
Nozomi Networks Guardian and CMC - SQL Injection
CVSS 8.1
CVE-2023-41387 CRITICAL
flutter_downloader <1.11.1 - SQL Injection
CVSS 9.1
Details
Vulnerabilities 19,737
Exploit Likelihood High