CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,747 vulnerabilities with CWE-89
CVE-2023-37682 CRITICAL
Judging Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2023-3717 CRITICAL
Farmakom Remote Administration Console < 1.02 - SQL Injection
CVSS 9.8
CVE-2023-37372 CRITICAL
RUGGEDCOM CROSSBOW < V5.4 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-27411 HIGH
RUGGEDCOM CROSSBOW < 5.4 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-3898 CRITICAL
mAyaNet E-Commerce <1.1 - SQL Injection
CVSS 9.8
CVE-2023-33993 HIGH
SAP Business One 10.0 - SQL Injection
CVSS 7.1
CVE-2023-39526 CRITICAL
PrestaShop <1.7.8.10, 8.0.5, <8.1.1 - Remote Code Execution via SQL Injection and Arbitrary File Write
CVSS 9.1
CVE-2023-4201 MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-39524 MEDIUM
PrestaShop < 8.1.1 - SQL Injection via Product Search Field
CVSS 6.7
CVE-2023-4200 MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4199 MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection via catagory_data.php columns[1][data] Argument
CVSS 6.3
CVE-2023-38044 CRITICAL
HikaShop 4.0.0-4.7.2 - SQL Injection
CVSS 9.8
CVE-2023-34477 CRITICAL
braincert virtual_classroom 1.0.0-1.24.9 - SQL Injection
CVSS 9.8
CVE-2023-34476 CRITICAL
mooj proforms 1.0.0-1.5.9 - SQL Injection
CVSS 9.8
CVE-2023-23758 CRITICAL
creative_gallery 1.0.0-2.1.9 - SQL Injection
CVSS 9.8
CVE-2023-23757 CRITICAL
bestaddon_gallery 1.0.0-1.1.9 - SQL Injection
CVSS 9.8
CVE-2023-4193 MEDIUM
SourceCodester Resort Reservation System 1.0 - SQL Injection via view_fee.php id Parameter
CVSS 6.3
CVE-2023-4192 MEDIUM
SourceCodester Resort Reservation System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2023-4185 MEDIUM
Online Hospital Management System 1.0 - SQL Injection via patientlogin.php
CVSS 6.3
CVE-2023-4184 HIGH
Inventory Management System 1.0 - SQL Injection via sell_return.php pid Parameter
CVSS 7.3
CVE-2023-4182 HIGH
SourceCodester Inventory Management System 1.0 - SQL Injection via edit_sell.php up_pid Parameter
CVSS 7.3
CVE-2023-4180 HIGH
Free Hospital Management System for Small Practices 1.0 - SQL Injection via login.php Useremail/Userpassword Parameters
CVSS 7.3
CVE-2023-4179 MEDIUM
Free Hospital Management System for Small Practices 1.0 - SQL Injection via doctors.php id Parameter
CVSS 6.3
CVE-2023-4176 MEDIUM
SourceCodester Hospital Management System 1.0 - SQL Injection via appointmentapproval.php Time Parameter
CVSS 6.3
CVE-2023-4188 CRITICAL
instantcms < 2.16.1 - SQL Injection
CVSS 9.1
Details
Vulnerabilities 19,747
Exploit Likelihood High