CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,741 vulnerabilities with CWE-89
CVE-2023-4831 CRITICAL
Ncode Ncep <20230914 - SQL Injection
CVSS 9.8
CVE-2023-4670 CRITICAL
Innosa Probbys < 2 - SQL Injection
CVSS 9.8
CVE-2023-4231 CRITICAL
Cevik Informatics Online Payment System <4.09 - SQL Injection
CVSS 9.8
CVE-2023-4830 CRITICAL
Tura Signalix 7T_0228 - SQL Injection
CVSS 9.8
CVE-2023-4673 CRITICAL
Sanalogy Turasistan < 20230911 - SQL Injection
CVSS 9.8
CVE-2023-4974 MEDIUM
Academy LMS 6.2 - SQL Injection via GET Parameter Handler
CVSS 6.3
CVE-2023-39643 CRITICAL
Bl Modules xmlfeeds_pro < 3.9.8 - SQL Injection via SearchApiXml::Xmlfeeds()
CVSS 9.8
CVE-2023-40958 HIGH
Didotech srl Engineering & Lifecycle Management <16.0 - SQL Injection
CVSS 8.8
CVE-2023-40957 HIGH
Didotech srl Engineering & Lifecycle Management <16.0 - SQL Injection
CVSS 8.8
CVE-2023-40956 HIGH
Cloudroits Website Job Search <15.0 - SQL Injection
CVSS 8.8
CVE-2023-40955 HIGH
Didotech srl Engineering & Lifecycle Management <16.0 - SQL Injection
CVSS 8.8
CVE-2023-39642 CRITICAL
Carts Guru cartsguru < 2.4.3 - SQL Injection via CartsGuruCatalogModuleFrontController::display()
CVSS 9.8
CVE-2023-39641 CRITICAL
Active Design Full Affiliates < 1.9.8 - SQL Injection via PsaffiliateGetaffiliatesdetailsModuleFrontController
CVSS 9.8
CVE-2023-39639 CRITICAL
leotheme leoblog < 3.1.2 - SQL Injection via LeoBlogBlog::getListBlogs
CVSS 9.8
CVE-2023-42405 CRITICAL
FIT2CLOUD RackShift v1.7.1 - SQL Injection via sort Parameter
CVSS 9.8
CVE-2023-38891 HIGH
Vtiger CRM <7.5.0 - Privilege Escalation
CVSS 8.8
CVE-2023-38912 CRITICAL
Super Store Finder PHP Script <3.6 - RCE
CVSS 9.8
CVE-2023-4766 CRITICAL
Movus < 20230913 - SQL Injection
CVSS 9.8
CVE-2023-4832 CRITICAL
Aceka Company Management <3072 - SQL Injection
CVSS 9.8
CVE-2023-42178 MEDIUM
lenosp 1.0.0-1.2.0 - SQL Injection via Log Query Module
CVSS 6.5
CVE-2023-4928 HIGH
instantcms icms2 < 2.16.1 - SQL Injection
CVSS 7.2
CVE-2023-21521 HIGH
BlackBerry AtHoc 7.15 - SQL Injection
CVSS 7.2
CVE-2023-4899 HIGH
mintplex-labs/anything-llm <0.0.1 - SQL Injection
CVSS 8.8
CVE-2023-35683 MEDIUM
Android - SQL Injection in DatabaseUtils.java
CVSS 5.5
CVE-2023-40946 CRITICAL
Schoolmate 1.3 - SQL Injection via SESSION Username Variable
CVSS 9.8
Details
Vulnerabilities 19,741
Exploit Likelihood High