CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,741 vulnerabilities with CWE-89
CVE-2023-37433
MEDIUM
EdgeConnect SD-WAN Orchestrator 9.0.0-9.0.5 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37432
MEDIUM
EdgeConnect SD-WAN Orchestrator 9.0.0-9.0.4 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37431
MEDIUM
EdgeConnect SD-WAN Orchestrator >=9.0.0 <9.0.5 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37430
MEDIUM
EdgeConnect SD-WAN Orchestrator 9.0.0-9.0.4 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-37429
MEDIUM
EdgeConnect SD-WAN Orchestrator 9.0.0-9.0.5 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-23563
MEDIUM
Geomatika IsiGeo Web 6.0 - Authenticated SQL Injection
CVSS 6.5
CVE-2023-38899
HIGH
berkaygediz O_Blog <1.0 - Privilege Escalation
CVSS 7.8
CVE-2023-39939
CRITICAL
LuxCal Web Calendar < 5.2.3m - Unauthenticated SQL Injection
CVSS 9.1
CVE-2023-4449
MEDIUM
SourceCodester Free and Open Source Inventory Management System 1.0 - SQL Injection via columns[0][data] Parameter
CVSS 6.3
CVE-2023-4447
MEDIUM
OpenRapid RapidCMS 1.3.1 - SQL Injection via admin/article-chat.php id Parameter
CVSS 6.3
CVE-2023-4446
MEDIUM
OpenRapid RapidCMS 1.3.1 - SQL Injection via Category ID Parameter
CVSS 5.5
CVE-2023-4445
MEDIUM
mini-tmall < 2023-08-11 - SQL Injection via orderBy Parameter
CVSS 6.3
CVE-2023-4444
MEDIUM
Free Hospital Management System 1.0 - SQL Injection via edit-user.php Parameters
CVSS 6.3
CVE-2023-4443
MEDIUM
Free Hospital Management System 1.0/5.0.12 - SQL Injection via vm/doctor/edit-doc.php
CVSS 6.3
CVE-2023-39807
CRITICAL
Nvki Intelligent Broadband Subscriber Gateway - SQL Injection
CVSS 9.8
CVE-2023-4442
MEDIUM
Free Hospital Management System 1.0 - SQL Injection via booking-complete.php
CVSS 6.3
CVE-2023-4441
MEDIUM
Free Hospital Management System for Small Practices 1.0 - SQL Injection via sheduledate Parameter
CVSS 6.3
CVE-2023-4440
MEDIUM
Free Hospital Management System for Small Practices 1.0 - SQL Injection via sheduledate Parameter
CVSS 6.3
CVE-2023-4438
MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection via customer Parameter
CVSS 6.3
CVE-2023-4437
MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection via customer Parameter
CVSS 6.3
CVE-2023-4436
MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection via user_id Parameter
CVSS 6.3
CVE-2023-38839
HIGH
Kidus Minimati <1.0.0 - SQL Injection
CVSS 7.5
CVE-2023-38890
HIGH
Online Shopping Portal Project 3.1 - SQL Injection
CVSS 8.8
CVE-2023-4407
MEDIUM
Credit Lite 1.5.4 - SQL Injection via POST Request Handler
CVSS 6.3
CVE-2023-31945
HIGH
Online Travel Agency System <1.0 - RCE
CVSS 7.2
Details
Vulnerabilities
19,741
Exploit Likelihood
High