CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,737 vulnerabilities with CWE-89
CVE-2023-41443 HIGH
Novel-Plus 4.1.0 - SQL Injection via Sort Parameter
CVSS 7.2
CVE-2023-42359 CRITICAL
Exam Form Submission in PHP with Source Code 1.0 - SQL Injection via val-username Parameter
CVSS 9.8
CVE-2023-5033 MEDIUM
OpenRapid RapidCMS 1.3.1 - SQL Injection via Category Edit ID Parameter
CVSS 6.3
CVE-2023-5032 MEDIUM
OpenRapid RapidCMS 1.3.1 - SQL Injection via article-edit-run.php id Parameter
CVSS 6.3
CVE-2023-35851 HIGH
SUNNET WMPro - Unauthenticated SQL Injection via FAQ Function
CVSS 7.5
CVE-2023-5031 MEDIUM
OpenRapid RapidCMS 1.3.1 - SQL Injection via /admin/article/article-add.php id Parameter
CVSS 6.3
CVE-2023-5030 MEDIUM
Tongda OA < 11.10 - SQL Injection via PLAN_ID Parameter in general/hr/recruit/plan/delete.php
CVSS 5.5
CVE-2023-5029 MEDIUM
mccms 2.6 - SQL Injection via /category/order/hits/copyright/46/finish/1/list/1
CVSS 5.5
CVE-2023-5027 MEDIUM
Simple Membership System 1.0 - SQL Injection via club Parameter in club_validator.php
CVSS 6.3
CVE-2023-5023 MEDIUM
Tongda OA 2017 - SQL Injection via RELATIVES_ID Parameter
CVSS 5.5
CVE-2023-5020 HIGH
07FLY CRM V2 - SQL Injection via Administrator Login Page Account Parameter
CVSS 7.3
CVE-2023-5019 MEDIUM
Tongda OA < 11.10 - SQL Injection via REINSTATEMENT_ID Parameter
CVSS 6.3
CVE-2023-5018 MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection via POST Parameter Handler
CVSS 6.3
CVE-2023-5017 MEDIUM
lmxcms < 1.41 - SQL Injection via admin.php lid Parameter
CVSS 5.5
CVE-2023-5014 MEDIUM
Food Ordering Website 1.0 - SQL Injection via categoryfood.php id Parameter
CVSS 6.3
CVE-2023-41887 CRITICAL
OpenRefine < 3.7.5 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2023-41886 HIGH
OpenRefine < 3.7.5 - Unauthenticated Arbitrary File Read
CVSS 7.5
CVE-2023-4987 MEDIUM
infinitietech taskhub 2.8.7 - SQL Injection via GET Parameter Handler
CVSS 5.5
CVE-2023-4835 CRITICAL
CF Software Oil Management Software <20230912 - SQL Injection
CVSS 9.8
CVE-2023-4833 CRITICAL
Besttem Network Marketing Software <1.0.2309.6 - SQL Injection
CVSS 9.8
CVE-2023-4661 CRITICAL
Saphira Connect < 9 - SQL Injection
CVSS 9.8
CVE-2023-4831 CRITICAL
Ncode Ncep <20230914 - SQL Injection
CVSS 9.8
CVE-2023-4670 CRITICAL
Innosa Probbys < 2 - SQL Injection
CVSS 9.8
CVE-2023-4231 CRITICAL
Cevik Informatics Online Payment System <4.09 - SQL Injection
CVSS 9.8
CVE-2023-4830 CRITICAL
Tura Signalix 7T_0228 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,737
Exploit Likelihood High