CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,741 vulnerabilities with CWE-89
CVE-2023-39361 CRITICAL
Cacti - Unauthenticated SQL Injection via graph_view.php
CVSS 9.8
CVE-2023-39359 HIGH
Cacti < 1.2.25 - Authenticated SQL Injection via site_id Parameter
CVSS 8.8
CVE-2023-39654 CRITICAL
abupy < 0.4.0 - SQL Injection via abupy.MarketBu.ABuSymbol.search_to_symbol_dict
CVSS 9.8
CVE-2023-4531 CRITICAL
Mestav Software E-commerce Software <20230901 - SQL Injection
CVSS 9.8
CVE-2023-4034 CRITICAL
Smartrise Document Mgmt <Hvl-2.0 - SQL Injection
CVSS 9.8
CVE-2023-3616 CRITICAL
Mava Software Hotel Management System <2.0 - SQL Injection
CVSS 9.8
CVE-2023-35072 CRITICAL
Coyav Travel Proagent < 20230904 - SQL Injection
CVSS 9.8
CVE-2023-35068 CRITICAL
BMA Personnel Tracking System < 20230904 - SQL Injection
CVSS 9.8
CVE-2023-35065 CRITICAL
Osoft Paint Production Management < 2.1 - SQL Injection
CVSS 9.8
CVE-2023-36361 CRITICAL
audimexee 14.1.7 - SQL Injection via p_table_name Parameter
CVSS 9.8
CVE-2023-4747 MEDIUM
DedeCMS 5.7.110 - SQL Injection via tag_alias Parameter in tags.php
CVSS 6.3
CVE-2023-4745 MEDIUM
Byzoro Smart S45F Multi-Service Secure Gateway < 20230822 - SQL Injection
CVSS 6.3
CVE-2023-4742 MEDIUM
IBOS OA 4.5.5 - SQL Injection via Dashboard User Export Parameter
CVSS 6.3
CVE-2023-4741 MEDIUM
IBOS OA 4.5.5 - SQL Injection in Delete Logs Handler
CVSS 6.3
CVE-2023-4740 MEDIUM
IBOS OA 4.5.5 - SQL Injection via Delete Draft Handler
CVSS 6.3
CVE-2023-39980 HIGH
MXsecurity < 1.0.1 - SQL Injection
CVSS 7.1
CVE-2023-4713 MEDIUM
IBOS OA 4.5.5 - SQL Injection via touid Parameter in Weibo Comment Add Function
CVSS 5.5
CVE-2023-4712 MEDIUM
Xintian Smart Table Integrated Management System 5.6.9 - SQL Injection via txtRoleName Parameter
CVSS 5.5
CVE-2023-4708 MEDIUM
Clcknshop 1.0.0 - SQL Injection via GET Parameter Handler
CVSS 6.3
CVE-2023-40771 HIGH
DataEase 1.18.9 - SQL Injection via Blacklist Bypass
CVSS 7.5
CVE-2023-39582 MEDIUM
Chamilo LMS 1.11-1.11.20 - Authenticated SQL Injection via Import Sessions Function
CVSS 4.9
CVE-2023-36076 CRITICAL
smanga < 3.1.9 - SQL Injection via mediaId, mangaId, and userId Parameters
CVSS 9.8
CVE-2023-40970 HIGH
Senayan Library Management System 9.6.1 - SQL Injection via Loan Rules Module
CVSS 8.8
CVE-2023-41364 CRITICAL
Tine <2023.01.14.325 - SQL Injection
CVSS 9.8
CVE-2023-31171 MEDIUM
Schweitzer Engineering Laboratories SEL-5030 - SQL Injection
CVSS 5.9
Details
Vulnerabilities 19,741
Exploit Likelihood High