CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,737 vulnerabilities with CWE-89
CVE-2023-41443
HIGH
Novel-Plus 4.1.0 - SQL Injection via Sort Parameter
CVSS 7.2
CVE-2023-42359
CRITICAL
Exam Form Submission in PHP with Source Code 1.0 - SQL Injection via val-username Parameter
CVSS 9.8
CVE-2023-5033
MEDIUM
OpenRapid RapidCMS 1.3.1 - SQL Injection via Category Edit ID Parameter
CVSS 6.3
CVE-2023-5032
MEDIUM
OpenRapid RapidCMS 1.3.1 - SQL Injection via article-edit-run.php id Parameter
CVSS 6.3
CVE-2023-35851
HIGH
SUNNET WMPro - Unauthenticated SQL Injection via FAQ Function
CVSS 7.5
CVE-2023-5031
MEDIUM
OpenRapid RapidCMS 1.3.1 - SQL Injection via /admin/article/article-add.php id Parameter
CVSS 6.3
CVE-2023-5030
MEDIUM
Tongda OA < 11.10 - SQL Injection via PLAN_ID Parameter in general/hr/recruit/plan/delete.php
CVSS 5.5
CVE-2023-5029
MEDIUM
mccms 2.6 - SQL Injection via /category/order/hits/copyright/46/finish/1/list/1
CVSS 5.5
CVE-2023-5027
MEDIUM
Simple Membership System 1.0 - SQL Injection via club Parameter in club_validator.php
CVSS 6.3
CVE-2023-5023
MEDIUM
Tongda OA 2017 - SQL Injection via RELATIVES_ID Parameter
CVSS 5.5
CVE-2023-5020
HIGH
07FLY CRM V2 - SQL Injection via Administrator Login Page Account Parameter
CVSS 7.3
CVE-2023-5019
MEDIUM
Tongda OA < 11.10 - SQL Injection via REINSTATEMENT_ID Parameter
CVSS 6.3
CVE-2023-5018
MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection via POST Parameter Handler
CVSS 6.3
CVE-2023-5017
MEDIUM
lmxcms < 1.41 - SQL Injection via admin.php lid Parameter
CVSS 5.5
CVE-2023-5014
MEDIUM
Food Ordering Website 1.0 - SQL Injection via categoryfood.php id Parameter
CVSS 6.3
CVE-2023-41887
CRITICAL
OpenRefine < 3.7.5 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2023-41886
HIGH
OpenRefine < 3.7.5 - Unauthenticated Arbitrary File Read
CVSS 7.5
CVE-2023-4987
MEDIUM
infinitietech taskhub 2.8.7 - SQL Injection via GET Parameter Handler
CVSS 5.5
CVE-2023-4835
CRITICAL
CF Software Oil Management Software <20230912 - SQL Injection
CVSS 9.8
CVE-2023-4833
CRITICAL
Besttem Network Marketing Software <1.0.2309.6 - SQL Injection
CVSS 9.8
CVE-2023-4661
CRITICAL
Saphira Connect < 9 - SQL Injection
CVSS 9.8
CVE-2023-4831
CRITICAL
Ncode Ncep <20230914 - SQL Injection
CVSS 9.8
CVE-2023-4670
CRITICAL
Innosa Probbys < 2 - SQL Injection
CVSS 9.8
CVE-2023-4231
CRITICAL
Cevik Informatics Online Payment System <4.09 - SQL Injection
CVSS 9.8
CVE-2023-4830
CRITICAL
Tura Signalix 7T_0228 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,737
Exploit Likelihood
High