CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,741 vulnerabilities with CWE-89
CVE-2023-31944 HIGH
Online Travel Agency System <1.0 - RCE
CVSS 7.2
CVE-2023-31943 HIGH
Online Travel Agency System <1.0 - RCE
CVSS 7.2
CVE-2023-31940 HIGH
Online Travel Agency System <1.0 - RCE
CVSS 7.2
CVE-2023-31939 HIGH
Online Travel Agency System <1.0 - RCE
CVSS 7.2
CVE-2023-31938 HIGH
Online Travel Agency System <1.0 - RCE
CVSS 7.2
CVE-2023-38905 MEDIUM
jeecg_boot < 3.5.0 - SQL Injection via Multiple Functions
CVSS 5.5
CVE-2023-38838 HIGH
Kidus Minimati 1.0.0 - Info Disclosure
CVSS 7.5
CVE-2023-20211 HIGH
Cisco Unified Communications Manager - Authenticated SQL Injection
CVSS 8.1
CVE-2023-33663 CRITICAL
aicustomfee < 0.2.1 - SQL Injection
CVSS 9.8
CVE-2023-0579 HIGH
YARPP < 5.30.3 - Authenticated SQL Injection via Shortcode Attributes
CVSS 8.8
CVE-2023-39851 CRITICAL
webchess v1.0 - SQL Injection via $playerID Parameter
CVSS 9.8
CVE-2023-39850 CRITICAL
Schoolmate 1.3 - SQL Injection via DeleteFunctions.php Courseid and Teacherid Parameters
CVSS 9.8
CVE-2023-39852 CRITICAL
doctor_appointment_system v1.0 - SQL Injection via $userid Parameter
CVSS 9.8
CVE-2023-38916 HIGH
eVotingSystem-PHP 1.0 - SQL Injection
CVSS 8.8
CVE-2023-39292 CRITICAL
MiVoice Office 400 SMB Controller < 1.2.5.23 - SQL Injection
CVSS 9.8
CVE-2023-37847 CRITICAL
novel-plus 3.6.2 - SQL Injection
CVSS 9.8
CVE-2023-39417 HIGH
PostgreSQL >=11.0 <11.21 - SQL Injection via Extension Script Quoting Constructs
CVSS 7.5
CVE-2023-3864 HIGH
Snow Software License Manager <9.30.1 - SQL Injection
CVSS 7.2
CVE-2023-40254 HIGH
Genian NAC 4.0.0-4.0.155, 5.0.0-5.0.42; Suite 5.0.0-5.0.54; ZTNA 6.0.0-6.0.15 - Code Download Without Integrity Check
CVSS 7.5
CVE-2023-39806 CRITICAL
idreamsoft iCMS 7.0.16 - SQL Injection via Backup Data Function
CVSS 9.8
CVE-2023-39805 CRITICAL
iCMS 7.0.16 - SQL Injection via where Parameter
CVSS 9.8
CVE-2023-36311 CRITICAL
PHPJabbers Document Creator <1.0 - SQL Injection
CVSS 9.8
CVE-2023-37069 CRITICAL
Online Hospital Management System V1.0 - SQL Injection via Login ID and Password Fields
CVSS 9.8
CVE-2023-37068 CRITICAL
Gym Management System V1.0 - SQL Injection via Login Form
CVSS 9.8
CVE-2023-34545 CRITICAL
CSZCMS 1.3.0 - SQL Injection via p Parameter or Search URL
CVSS 9.8
Details
Vulnerabilities 19,741
Exploit Likelihood High