CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,741 vulnerabilities with CWE-89
CVE-2023-40945
CRITICAL
Sourcecodester Doctor Appointment System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-40944
CRITICAL
Schoolmate 1.3 - SQL Injection via $schoolname Variable in header.php
CVSS 9.8
CVE-2023-30058
CRITICAL
novel-plus 3.6.2 - SQL Injection
CVSS 9.8
CVE-2023-4872
MEDIUM
SourceCodester Contact Manager App 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4871
MEDIUM
SourceCodester Contact Manager App 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4867
MEDIUM
Xintian Smart Table Integrated Management System 5.6.9 - SQL Injection
CVSS 6.3
CVE-2023-4866
MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via booking.php id Parameter
CVSS 6.3
CVE-2023-4852
MEDIUM
IBOS OA 4.5.5 - SQL Injection via Dashboard Database Optimize Endpoint
CVSS 6.3
CVE-2023-4851
MEDIUM
IBOS OA 4.5.5 - SQL Injection via Dashboard Position Edit Endpoint
CVSS 6.3
CVE-2023-4850
MEDIUM
IBOS OA 4.5.5 - SQL Injection via Dashboard Position Delete Endpoint
CVSS 6.3
CVE-2023-4849
MEDIUM
IBOS OA 4.5.5 - SQL Injection via fids Parameter in Dashboard Trash Deletion
CVSS 6.3
CVE-2023-4848
MEDIUM
SourceCodester Simple Book Catalog App 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4846
MEDIUM
SourceCodester Simple Membership System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4845
MEDIUM
SourceCodester Simple Membership System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4844
MEDIUM
SourceCodester Simple Membership System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-42268
CRITICAL
jeecg_boot < 3.5.3 - SQL Injection via /jeecg-boot/jmreport/show
CVSS 9.8
CVE-2023-41615
CRITICAL
Zoo Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-41594
HIGH
Dairy Farm Shop Management System <1.1 - SQL Injection
CVSS 7.5
CVE-2023-39423
HIGH
ResortData Internet Reservation Module Next Generation - SQL Injection via /irmdata/api/common Endpoint
CVSS 8.6
CVE-2023-41328
MEDIUM
Frappe <13.46.1, <14.20.0 - SQL Injection
CVSS 4.2
CVE-2023-4485
CRITICAL
ARDEREG Sistema SCADA Central <= 2.203 - Unauthenticated Blind SQL Injection via Login Page
CVSS 9.8
CVE-2023-41507
CRITICAL
Super Store Finder <3.6 - SQL Injection
CVSS 9.8
CVE-2023-39365
MEDIUM
Cacti < 1.2.25 - SQL Injection via External Links Feature
CVSS 4.6
CVE-2023-39358
HIGH
Cacti < 1.2.25 - Authenticated SQL Injection via reports_user.php tree_id Parameter
CVSS 8.8
CVE-2023-39357
HIGH
Cacti - Authenticated SQL Injection and Remote Code Execution via sql_save Function
CVSS 8.8
Details
Vulnerabilities
19,741
Exploit Likelihood
High