CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,741 vulnerabilities with CWE-89
CVE-2023-41640
HIGH
GruppoSCAI RealGimm <1.1.37p38 - Info Disclosure
CVSS 8.8
CVE-2023-41636
CRITICAL
GruppoSCAI RealGimm 1.1.37p38 - SQL Injection
CVSS 9.8
CVE-2023-3677
HIGH
WooCommerce PDF Invoice Builder <= 1.2.89 - Authenticated SQL Injection via pageId Parameter
CVSS 8.8
CVE-2023-2229
HIGH
Wpspeedx Rduplicator < 2.0 - SQL Injection
CVSS 8.8
CVE-2023-2188
HIGH
Colibri Page Builder <1.0.227 - SQL Injection
CVSS 7.2
CVE-2023-31714
CRITICAL
Chitor-CMS < 1.1.2 - SQL Injection
CVSS 9.8
CVE-2023-41539
HIGH
phpjabbers Business Directory Script 3.2 - SQL Injection
CVSS 7.5
CVE-2023-40787
CRITICAL
SpringBlade 3.6.0 - SQL Injection
CVSS 9.8
CVE-2023-39650
CRITICAL
Theme Volty CMS Blog < 4.0.1 - SQL Injection via id Parameter
CVSS 9.8
CVE-2023-39652
CRITICAL
theme_volty_video_tab < 4.0.0 - SQL Injection via TvcmsVideoTabConfirmDeleteModuleFrontController
CVSS 9.8
CVE-2023-39560
CRITICAL
ECTouch v2 - SQL Injection via $arr['id'] Parameter
CVSS 9.8
CVE-2023-40749
CRITICAL
PHPJabbers Food Delivery Script v3.0 - SQL Injection
CVSS 9.8
CVE-2023-40748
CRITICAL
PHPJabbers Food Delivery Script 3.0 - SQL Injection
CVSS 9.8
CVE-2023-4558
MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4557
MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-33852
HIGH
IBM Security Guardium 11.4 - SQL Injection
CVSS 7.6
CVE-2023-4556
MEDIUM
SourceCodester Online Graduate Tracer System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4548
MEDIUM
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
CVSS 6.3
CVE-2023-4545
MEDIUM
IBOS OA 4.5.5 - SQL Injection via Recruit Background Checks Export Parameter
CVSS 6.3
CVE-2023-4543
MEDIUM
IBOS OA 4.5.5 - SQL Injection via Recruit Contact Export Endpoint
CVSS 6.3
CVE-2023-37438
MEDIUM
Aruba EdgeConnect SD-WAN Orchestrator < 9.3.1 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37437
MEDIUM
EdgeConnect SD-WAN Orchestrator < 9.3.1 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37436
MEDIUM
EdgeConnect SD-WAN Orchestrator < 9.3.1 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37435
MEDIUM
EdgeConnect SD-WAN Orchestrator < 9.3.1 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37434
MEDIUM
EdgeConnect SD-WAN Orchestrator >=9.0.0 <9.0.5 - Authenticated SQL Injection
CVSS 6.5
Details
Vulnerabilities
19,741
Exploit Likelihood
High