CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,747 vulnerabilities with CWE-89
CVE-2023-39806
CRITICAL
idreamsoft iCMS 7.0.16 - SQL Injection via Backup Data Function
CVSS 9.8
CVE-2023-39805
CRITICAL
iCMS 7.0.16 - SQL Injection via where Parameter
CVSS 9.8
CVE-2023-36311
CRITICAL
PHPJabbers Document Creator <1.0 - SQL Injection
CVSS 9.8
CVE-2023-37069
CRITICAL
Online Hospital Management System V1.0 - SQL Injection via Login ID and Password Fields
CVSS 9.8
CVE-2023-37068
CRITICAL
Gym Management System V1.0 - SQL Injection via Login Form
CVSS 9.8
CVE-2023-34545
CRITICAL
CSZCMS 1.3.0 - SQL Injection via p Parameter or Search URL
CVSS 9.8
CVE-2023-23574
HIGH
Nozomi Networks CMC and Guardian < 22.6.2 - Authenticated Blind SQL Injection in Alerts Count Component
CVSS 8.8
CVE-2023-22378
HIGH
Nozomi Networks Guardian & CMC - SQL Injection
CVSS 8.8
CVE-2023-3522
CRITICAL
a2 License Portal <1.48 - SQL Injection
CVSS 9.8
CVE-2023-3386
CRITICAL
a2 Camera Trap Tracking System <3.1905 - SQL Injection
CVSS 9.8
CVE-2023-38773
HIGH
ChurchCRM 5.0.0 - SQL Injection via volopp1 and volopp2 Parameters
CVSS 7.5
CVE-2023-38771
HIGH
ChurchCRM 5.0.0 - SQL Injection via volopp Parameter in QueryView.php
CVSS 7.5
CVE-2023-38770
HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php Group Parameter
CVSS 7.5
CVE-2023-38769
HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php searchstring and searchwhat Parameters
CVSS 7.5
CVE-2023-38768
HIGH
ChurchCRM 5.0.0 - SQL Injection via PropertyID Parameter in QueryView.php
CVSS 7.5
CVE-2023-38767
HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php Parameters
CVSS 7.5
CVE-2023-38765
HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php membermonth Parameter
CVSS 7.5
CVE-2023-38764
HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php birthmonth and percls Parameters
CVSS 7.5
CVE-2023-38763
MEDIUM
ChurchCRM 5.0.0 - SQL Injection via FundRaiserID Parameter
CVSS 6.5
CVE-2023-38762
HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php friendmonths Parameter
CVSS 7.5
CVE-2023-38760
HIGH
ChurchCRM 5.0.0 - SQL Injection via QueryView.php Role and Gender Parameters
CVSS 7.5
CVE-2023-3651
CRITICAL
Digital Ant E-Commerce Software < 11 - SQL Injection
CVSS 9.8
CVE-2023-4219
HIGH
SourceCodester Doctors Appointment System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-3716
CRITICAL
Oduyo Online Collection Software < 1.0.1 - SQL Injection
CVSS 9.8
CVE-2023-37687
HIGH
Online Nurse Hiring System 1.0 - Stored Cross-Site Scripting in Admin View Request Page
CVSS 7.2
Details
Vulnerabilities
19,747
Exploit Likelihood
High