CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,741 vulnerabilities with CWE-89
CVE-2023-41640 HIGH
GruppoSCAI RealGimm <1.1.37p38 - Info Disclosure
CVSS 8.8
CVE-2023-41636 CRITICAL
GruppoSCAI RealGimm 1.1.37p38 - SQL Injection
CVSS 9.8
CVE-2023-3677 HIGH
WooCommerce PDF Invoice Builder <= 1.2.89 - Authenticated SQL Injection via pageId Parameter
CVSS 8.8
CVE-2023-2229 HIGH
Wpspeedx Rduplicator < 2.0 - SQL Injection
CVSS 8.8
CVE-2023-2188 HIGH
Colibri Page Builder <1.0.227 - SQL Injection
CVSS 7.2
CVE-2023-31714 CRITICAL
Chitor-CMS < 1.1.2 - SQL Injection
CVSS 9.8
CVE-2023-41539 HIGH
phpjabbers Business Directory Script 3.2 - SQL Injection
CVSS 7.5
CVE-2023-40787 CRITICAL
SpringBlade 3.6.0 - SQL Injection
CVSS 9.8
CVE-2023-39650 CRITICAL
Theme Volty CMS Blog < 4.0.1 - SQL Injection via id Parameter
CVSS 9.8
CVE-2023-39652 CRITICAL
theme_volty_video_tab < 4.0.0 - SQL Injection via TvcmsVideoTabConfirmDeleteModuleFrontController
CVSS 9.8
CVE-2023-39560 CRITICAL
ECTouch v2 - SQL Injection via $arr['id'] Parameter
CVSS 9.8
CVE-2023-40749 CRITICAL
PHPJabbers Food Delivery Script v3.0 - SQL Injection
CVSS 9.8
CVE-2023-40748 CRITICAL
PHPJabbers Food Delivery Script 3.0 - SQL Injection
CVSS 9.8
CVE-2023-4558 MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4557 MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-33852 HIGH
IBM Security Guardium 11.4 - SQL Injection
CVSS 7.6
CVE-2023-4556 MEDIUM
SourceCodester Online Graduate Tracer System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4548 MEDIUM
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
CVSS 6.3
CVE-2023-4545 MEDIUM
IBOS OA 4.5.5 - SQL Injection via Recruit Background Checks Export Parameter
CVSS 6.3
CVE-2023-4543 MEDIUM
IBOS OA 4.5.5 - SQL Injection via Recruit Contact Export Endpoint
CVSS 6.3
CVE-2023-37438 MEDIUM
Aruba EdgeConnect SD-WAN Orchestrator < 9.3.1 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37437 MEDIUM
EdgeConnect SD-WAN Orchestrator < 9.3.1 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37436 MEDIUM
EdgeConnect SD-WAN Orchestrator < 9.3.1 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37435 MEDIUM
EdgeConnect SD-WAN Orchestrator < 9.3.1 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37434 MEDIUM
EdgeConnect SD-WAN Orchestrator >=9.0.0 <9.0.5 - Authenticated SQL Injection
CVSS 6.5
Details
Vulnerabilities 19,741
Exploit Likelihood High