CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,741 vulnerabilities with CWE-89
CVE-2023-40945 CRITICAL
Sourcecodester Doctor Appointment System 1.0 - SQL Injection
CVSS 9.8
CVE-2023-40944 CRITICAL
Schoolmate 1.3 - SQL Injection via $schoolname Variable in header.php
CVSS 9.8
CVE-2023-30058 CRITICAL
novel-plus 3.6.2 - SQL Injection
CVSS 9.8
CVE-2023-4872 MEDIUM
SourceCodester Contact Manager App 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4871 MEDIUM
SourceCodester Contact Manager App 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4867 MEDIUM
Xintian Smart Table Integrated Management System 5.6.9 - SQL Injection
CVSS 6.3
CVE-2023-4866 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via booking.php id Parameter
CVSS 6.3
CVE-2023-4852 MEDIUM
IBOS OA 4.5.5 - SQL Injection via Dashboard Database Optimize Endpoint
CVSS 6.3
CVE-2023-4851 MEDIUM
IBOS OA 4.5.5 - SQL Injection via Dashboard Position Edit Endpoint
CVSS 6.3
CVE-2023-4850 MEDIUM
IBOS OA 4.5.5 - SQL Injection via Dashboard Position Delete Endpoint
CVSS 6.3
CVE-2023-4849 MEDIUM
IBOS OA 4.5.5 - SQL Injection via fids Parameter in Dashboard Trash Deletion
CVSS 6.3
CVE-2023-4848 MEDIUM
SourceCodester Simple Book Catalog App 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4846 MEDIUM
SourceCodester Simple Membership System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4845 MEDIUM
SourceCodester Simple Membership System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4844 MEDIUM
SourceCodester Simple Membership System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-42268 CRITICAL
jeecg_boot < 3.5.3 - SQL Injection via /jeecg-boot/jmreport/show
CVSS 9.8
CVE-2023-41615 CRITICAL
Zoo Management System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-41594 HIGH
Dairy Farm Shop Management System <1.1 - SQL Injection
CVSS 7.5
CVE-2023-39423 HIGH
ResortData Internet Reservation Module Next Generation - SQL Injection via /irmdata/api/common Endpoint
CVSS 8.6
CVE-2023-41328 MEDIUM
Frappe <13.46.1, <14.20.0 - SQL Injection
CVSS 4.2
CVE-2023-4485 CRITICAL
ARDEREG Sistema SCADA Central <= 2.203 - Unauthenticated Blind SQL Injection via Login Page
CVSS 9.8
CVE-2023-41507 CRITICAL
Super Store Finder <3.6 - SQL Injection
CVSS 9.8
CVE-2023-39365 MEDIUM
Cacti < 1.2.25 - SQL Injection via External Links Feature
CVSS 4.6
CVE-2023-39358 HIGH
Cacti < 1.2.25 - Authenticated SQL Injection via reports_user.php tree_id Parameter
CVSS 8.8
CVE-2023-39357 HIGH
Cacti - Authenticated SQL Injection and Remote Code Execution via sql_save Function
CVSS 8.8
Details
Vulnerabilities 19,741
Exploit Likelihood High