CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,741 vulnerabilities with CWE-89
CVE-2023-37433 MEDIUM
EdgeConnect SD-WAN Orchestrator 9.0.0-9.0.5 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37432 MEDIUM
EdgeConnect SD-WAN Orchestrator 9.0.0-9.0.4 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37431 MEDIUM
EdgeConnect SD-WAN Orchestrator >=9.0.0 <9.0.5 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37430 MEDIUM
EdgeConnect SD-WAN Orchestrator 9.0.0-9.0.4 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37429 MEDIUM
EdgeConnect SD-WAN Orchestrator 9.0.0-9.0.5 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-23563 MEDIUM
Geomatika IsiGeo Web 6.0 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-38899 HIGH
berkaygediz O_Blog <1.0 - Privilege Escalation
CVSS 7.8
CVE-2023-39939 CRITICAL
LuxCal Web Calendar < 5.2.3m - Unauthenticated SQL Injection
CVSS 9.1
CVE-2023-4449 MEDIUM
SourceCodester Free and Open Source Inventory Management System 1.0 - SQL Injection via columns[0][data] Parameter
CVSS 6.3
CVE-2023-4447 MEDIUM
OpenRapid RapidCMS 1.3.1 - SQL Injection via admin/article-chat.php id Parameter
CVSS 6.3
CVE-2023-4446 MEDIUM
OpenRapid RapidCMS 1.3.1 - SQL Injection via Category ID Parameter
CVSS 5.5
CVE-2023-4445 MEDIUM
mini-tmall < 2023-08-11 - SQL Injection via orderBy Parameter
CVSS 6.3
CVE-2023-4444 MEDIUM
Free Hospital Management System 1.0 - SQL Injection via edit-user.php Parameters
CVSS 6.3
CVE-2023-4443 MEDIUM
Free Hospital Management System 1.0/5.0.12 - SQL Injection via vm/doctor/edit-doc.php
CVSS 6.3
CVE-2023-39807 CRITICAL
Nvki Intelligent Broadband Subscriber Gateway - SQL Injection
CVSS 9.8
CVE-2023-4442 MEDIUM
Free Hospital Management System 1.0 - SQL Injection via booking-complete.php
CVSS 6.3
CVE-2023-4441 MEDIUM
Free Hospital Management System for Small Practices 1.0 - SQL Injection via sheduledate Parameter
CVSS 6.3
CVE-2023-4440 MEDIUM
Free Hospital Management System for Small Practices 1.0 - SQL Injection via sheduledate Parameter
CVSS 6.3
CVE-2023-4438 MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection via customer Parameter
CVSS 6.3
CVE-2023-4437 MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection via customer Parameter
CVSS 6.3
CVE-2023-4436 MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection via user_id Parameter
CVSS 6.3
CVE-2023-38839 HIGH
Kidus Minimati <1.0.0 - SQL Injection
CVSS 7.5
CVE-2023-38890 HIGH
Online Shopping Portal Project 3.1 - SQL Injection
CVSS 8.8
CVE-2023-4407 MEDIUM
Credit Lite 1.5.4 - SQL Injection via POST Request Handler
CVSS 6.3
CVE-2023-31945 HIGH
Online Travel Agency System <1.0 - RCE
CVSS 7.2
Details
Vulnerabilities 19,741
Exploit Likelihood High