CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,741 vulnerabilities with CWE-89
CVE-2023-31944
HIGH
Online Travel Agency System <1.0 - RCE
CVSS 7.2
CVE-2023-31943
HIGH
Online Travel Agency System <1.0 - RCE
CVSS 7.2
CVE-2023-31940
HIGH
Online Travel Agency System <1.0 - RCE
CVSS 7.2
CVE-2023-31939
HIGH
Online Travel Agency System <1.0 - RCE
CVSS 7.2
CVE-2023-31938
HIGH
Online Travel Agency System <1.0 - RCE
CVSS 7.2
CVE-2023-38905
MEDIUM
jeecg_boot < 3.5.0 - SQL Injection via Multiple Functions
CVSS 5.5
CVE-2023-38838
HIGH
Kidus Minimati 1.0.0 - Info Disclosure
CVSS 7.5
CVE-2023-20211
HIGH
Cisco Unified Communications Manager - Authenticated SQL Injection
CVSS 8.1
CVE-2023-33663
CRITICAL
aicustomfee < 0.2.1 - SQL Injection
CVSS 9.8
CVE-2023-0579
HIGH
YARPP < 5.30.3 - Authenticated SQL Injection via Shortcode Attributes
CVSS 8.8
CVE-2023-39851
CRITICAL
webchess v1.0 - SQL Injection via $playerID Parameter
CVSS 9.8
CVE-2023-39850
CRITICAL
Schoolmate 1.3 - SQL Injection via DeleteFunctions.php Courseid and Teacherid Parameters
CVSS 9.8
CVE-2023-39852
CRITICAL
doctor_appointment_system v1.0 - SQL Injection via $userid Parameter
CVSS 9.8
CVE-2023-38916
HIGH
eVotingSystem-PHP 1.0 - SQL Injection
CVSS 8.8
CVE-2023-39292
CRITICAL
MiVoice Office 400 SMB Controller < 1.2.5.23 - SQL Injection
CVSS 9.8
CVE-2023-37847
CRITICAL
novel-plus 3.6.2 - SQL Injection
CVSS 9.8
CVE-2023-39417
HIGH
PostgreSQL >=11.0 <11.21 - SQL Injection via Extension Script Quoting Constructs
CVSS 7.5
CVE-2023-3864
HIGH
Snow Software License Manager <9.30.1 - SQL Injection
CVSS 7.2
CVE-2023-40254
HIGH
Genian NAC 4.0.0-4.0.155, 5.0.0-5.0.42; Suite 5.0.0-5.0.54; ZTNA 6.0.0-6.0.15 - Code Download Without Integrity Check
CVSS 7.5
CVE-2023-39806
CRITICAL
idreamsoft iCMS 7.0.16 - SQL Injection via Backup Data Function
CVSS 9.8
CVE-2023-39805
CRITICAL
iCMS 7.0.16 - SQL Injection via where Parameter
CVSS 9.8
CVE-2023-36311
CRITICAL
PHPJabbers Document Creator <1.0 - SQL Injection
CVSS 9.8
CVE-2023-37069
CRITICAL
Online Hospital Management System V1.0 - SQL Injection via Login ID and Password Fields
CVSS 9.8
CVE-2023-37068
CRITICAL
Gym Management System V1.0 - SQL Injection via Login Form
CVSS 9.8
CVE-2023-34545
CRITICAL
CSZCMS 1.3.0 - SQL Injection via p Parameter or Search URL
CVSS 9.8
Details
Vulnerabilities
19,741
Exploit Likelihood
High