CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,741 vulnerabilities with CWE-89
CVE-2023-39361
CRITICAL
Cacti - Unauthenticated SQL Injection via graph_view.php
CVSS 9.8
CVE-2023-39359
HIGH
Cacti < 1.2.25 - Authenticated SQL Injection via site_id Parameter
CVSS 8.8
CVE-2023-39654
CRITICAL
abupy < 0.4.0 - SQL Injection via abupy.MarketBu.ABuSymbol.search_to_symbol_dict
CVSS 9.8
CVE-2023-4531
CRITICAL
Mestav Software E-commerce Software <20230901 - SQL Injection
CVSS 9.8
CVE-2023-4034
CRITICAL
Smartrise Document Mgmt <Hvl-2.0 - SQL Injection
CVSS 9.8
CVE-2023-3616
CRITICAL
Mava Software Hotel Management System <2.0 - SQL Injection
CVSS 9.8
CVE-2023-35072
CRITICAL
Coyav Travel Proagent < 20230904 - SQL Injection
CVSS 9.8
CVE-2023-35068
CRITICAL
BMA Personnel Tracking System < 20230904 - SQL Injection
CVSS 9.8
CVE-2023-35065
CRITICAL
Osoft Paint Production Management < 2.1 - SQL Injection
CVSS 9.8
CVE-2023-36361
CRITICAL
audimexee 14.1.7 - SQL Injection via p_table_name Parameter
CVSS 9.8
CVE-2023-4747
MEDIUM
DedeCMS 5.7.110 - SQL Injection via tag_alias Parameter in tags.php
CVSS 6.3
CVE-2023-4745
MEDIUM
Byzoro Smart S45F Multi-Service Secure Gateway < 20230822 - SQL Injection
CVSS 6.3
CVE-2023-4742
MEDIUM
IBOS OA 4.5.5 - SQL Injection via Dashboard User Export Parameter
CVSS 6.3
CVE-2023-4741
MEDIUM
IBOS OA 4.5.5 - SQL Injection in Delete Logs Handler
CVSS 6.3
CVE-2023-4740
MEDIUM
IBOS OA 4.5.5 - SQL Injection via Delete Draft Handler
CVSS 6.3
CVE-2023-39980
HIGH
MXsecurity < 1.0.1 - SQL Injection
CVSS 7.1
CVE-2023-4713
MEDIUM
IBOS OA 4.5.5 - SQL Injection via touid Parameter in Weibo Comment Add Function
CVSS 5.5
CVE-2023-4712
MEDIUM
Xintian Smart Table Integrated Management System 5.6.9 - SQL Injection via txtRoleName Parameter
CVSS 5.5
CVE-2023-4708
MEDIUM
Clcknshop 1.0.0 - SQL Injection via GET Parameter Handler
CVSS 6.3
CVE-2023-40771
HIGH
DataEase 1.18.9 - SQL Injection via Blacklist Bypass
CVSS 7.5
CVE-2023-39582
MEDIUM
Chamilo LMS 1.11-1.11.20 - Authenticated SQL Injection via Import Sessions Function
CVSS 4.9
CVE-2023-36076
CRITICAL
smanga < 3.1.9 - SQL Injection via mediaId, mangaId, and userId Parameters
CVSS 9.8
CVE-2023-40970
HIGH
Senayan Library Management System 9.6.1 - SQL Injection via Loan Rules Module
CVSS 8.8
CVE-2023-41364
CRITICAL
Tine <2023.01.14.325 - SQL Injection
CVSS 9.8
CVE-2023-31171
MEDIUM
Schweitzer Engineering Laboratories SEL-5030 - SQL Injection
CVSS 5.9
Details
Vulnerabilities
19,741
Exploit Likelihood
High