CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,747 vulnerabilities with CWE-89
CVE-2023-39806 CRITICAL
idreamsoft iCMS 7.0.16 - SQL Injection via Backup Data Function
CVSS 9.8
CVE-2023-39805 CRITICAL
iCMS 7.0.16 - SQL Injection via where Parameter
CVSS 9.8
CVE-2023-36311 CRITICAL
PHPJabbers Document Creator <1.0 - SQL Injection
CVSS 9.8
CVE-2023-37069 CRITICAL
Online Hospital Management System V1.0 - SQL Injection via Login ID and Password Fields
CVSS 9.8
CVE-2023-37068 CRITICAL
Gym Management System V1.0 - SQL Injection via Login Form
CVSS 9.8
CVE-2023-34545 CRITICAL
CSZCMS 1.3.0 - SQL Injection via p Parameter or Search URL
CVSS 9.8
CVE-2023-23574 HIGH
Nozomi Networks CMC and Guardian < 22.6.2 - Authenticated Blind SQL Injection in Alerts Count Component
CVSS 8.8
CVE-2023-22378 HIGH
Nozomi Networks Guardian & CMC - SQL Injection
CVSS 8.8
CVE-2023-3522 CRITICAL
a2 License Portal <1.48 - SQL Injection
CVSS 9.8
CVE-2023-3386 CRITICAL
a2 Camera Trap Tracking System <3.1905 - SQL Injection
CVSS 9.8
CVE-2023-38773 HIGH
ChurchCRM 5.0.0 - SQL Injection via volopp1 and volopp2 Parameters
CVSS 7.5
CVE-2023-38771 HIGH
ChurchCRM 5.0.0 - SQL Injection via volopp Parameter in QueryView.php
CVSS 7.5
CVE-2023-38770 HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php Group Parameter
CVSS 7.5
CVE-2023-38769 HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php searchstring and searchwhat Parameters
CVSS 7.5
CVE-2023-38768 HIGH
ChurchCRM 5.0.0 - SQL Injection via PropertyID Parameter in QueryView.php
CVSS 7.5
CVE-2023-38767 HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php Parameters
CVSS 7.5
CVE-2023-38765 HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php membermonth Parameter
CVSS 7.5
CVE-2023-38764 HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php birthmonth and percls Parameters
CVSS 7.5
CVE-2023-38763 MEDIUM
ChurchCRM 5.0.0 - SQL Injection via FundRaiserID Parameter
CVSS 6.5
CVE-2023-38762 HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php friendmonths Parameter
CVSS 7.5
CVE-2023-38760 HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php Role and Gender Parameters
CVSS 7.5
CVE-2023-3651 CRITICAL
Digital Ant E-Commerce Software < 11 - SQL Injection
CVSS 9.8
CVE-2023-4219 HIGH
SourceCodester Doctors Appointment System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-3716 CRITICAL
Oduyo Online Collection Software < 1.0.1 - SQL Injection
CVSS 9.8
CVE-2023-37687 HIGH
Online Nurse Hiring System 1.0 - Stored Cross-Site Scripting in Admin View Request Page
CVSS 7.2
Details
Vulnerabilities 19,747
Exploit Likelihood High