CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,741 vulnerabilities with CWE-89
CVE-2023-4831
CRITICAL
Ncode Ncep <20230914 - SQL Injection
CVSS 9.8
CVE-2023-4670
CRITICAL
Innosa Probbys < 2 - SQL Injection
CVSS 9.8
CVE-2023-4231
CRITICAL
Cevik Informatics Online Payment System <4.09 - SQL Injection
CVSS 9.8
CVE-2023-4830
CRITICAL
Tura Signalix 7T_0228 - SQL Injection
CVSS 9.8
CVE-2023-4673
CRITICAL
Sanalogy Turasistan < 20230911 - SQL Injection
CVSS 9.8
CVE-2023-4974
MEDIUM
Academy LMS 6.2 - SQL Injection via GET Parameter Handler
CVSS 6.3
CVE-2023-39643
CRITICAL
Bl Modules xmlfeeds_pro < 3.9.8 - SQL Injection via SearchApiXml::Xmlfeeds()
CVSS 9.8
CVE-2023-40958
HIGH
Didotech srl Engineering & Lifecycle Management <16.0 - SQL Injection
CVSS 8.8
CVE-2023-40957
HIGH
Didotech srl Engineering & Lifecycle Management <16.0 - SQL Injection
CVSS 8.8
CVE-2023-40956
HIGH
Cloudroits Website Job Search <15.0 - SQL Injection
CVSS 8.8
CVE-2023-40955
HIGH
Didotech srl Engineering & Lifecycle Management <16.0 - SQL Injection
CVSS 8.8
CVE-2023-39642
CRITICAL
Carts Guru cartsguru < 2.4.3 - SQL Injection via CartsGuruCatalogModuleFrontController::display()
CVSS 9.8
CVE-2023-39641
CRITICAL
Active Design Full Affiliates < 1.9.8 - SQL Injection via PsaffiliateGetaffiliatesdetailsModuleFrontController
CVSS 9.8
CVE-2023-39639
CRITICAL
leotheme leoblog < 3.1.2 - SQL Injection via LeoBlogBlog::getListBlogs
CVSS 9.8
CVE-2023-42405
CRITICAL
FIT2CLOUD RackShift v1.7.1 - SQL Injection via sort Parameter
CVSS 9.8
CVE-2023-38891
HIGH
Vtiger CRM <7.5.0 - Privilege Escalation
CVSS 8.8
CVE-2023-38912
CRITICAL
Super Store Finder PHP Script <3.6 - RCE
CVSS 9.8
CVE-2023-4766
CRITICAL
Movus < 20230913 - SQL Injection
CVSS 9.8
CVE-2023-4832
CRITICAL
Aceka Company Management <3072 - SQL Injection
CVSS 9.8
CVE-2023-42178
MEDIUM
lenosp 1.0.0-1.2.0 - SQL Injection via Log Query Module
CVSS 6.5
CVE-2023-4928
HIGH
instantcms icms2 < 2.16.1 - SQL Injection
CVSS 7.2
CVE-2023-21521
HIGH
BlackBerry AtHoc 7.15 - SQL Injection
CVSS 7.2
CVE-2023-4899
HIGH
mintplex-labs/anything-llm <0.0.1 - SQL Injection
CVSS 8.8
CVE-2023-35683
MEDIUM
Android - SQL Injection in DatabaseUtils.java
CVSS 5.5
CVE-2023-40946
CRITICAL
Schoolmate 1.3 - SQL Injection via SESSION Username Variable
CVSS 9.8
Details
Vulnerabilities
19,741
Exploit Likelihood
High