CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,747 vulnerabilities with CWE-89
CVE-2023-37682
CRITICAL
Judging Management System 1.0 - SQL Injection via id Parameter
CVSS 9.8
CVE-2023-3717
CRITICAL
Farmakom Remote Administration Console < 1.02 - SQL Injection
CVSS 9.8
CVE-2023-37372
CRITICAL
RUGGEDCOM CROSSBOW < V5.4 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-27411
HIGH
RUGGEDCOM CROSSBOW < 5.4 - Authenticated SQL Injection
CVSS 8.8
CVE-2023-3898
CRITICAL
mAyaNet E-Commerce <1.1 - SQL Injection
CVSS 9.8
CVE-2023-33993
HIGH
SAP Business One 10.0 - SQL Injection
CVSS 7.1
CVE-2023-39526
CRITICAL
PrestaShop <1.7.8.10, 8.0.5, <8.1.1 - Remote Code Execution via SQL Injection and Arbitrary File Write
CVSS 9.1
CVE-2023-4201
MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-39524
MEDIUM
PrestaShop < 8.1.1 - SQL Injection via Product Search Field
CVSS 6.7
CVE-2023-4200
MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-4199
MEDIUM
SourceCodester Inventory Management System 1.0 - SQL Injection via catagory_data.php columns[1][data] Argument
CVSS 6.3
CVE-2023-38044
CRITICAL
HikaShop 4.0.0-4.7.2 - SQL Injection
CVSS 9.8
CVE-2023-34477
CRITICAL
braincert virtual_classroom 1.0.0-1.24.9 - SQL Injection
CVSS 9.8
CVE-2023-34476
CRITICAL
mooj proforms 1.0.0-1.5.9 - SQL Injection
CVSS 9.8
CVE-2023-23758
CRITICAL
creative_gallery 1.0.0-2.1.9 - SQL Injection
CVSS 9.8
CVE-2023-23757
CRITICAL
bestaddon_gallery 1.0.0-1.1.9 - SQL Injection
CVSS 9.8
CVE-2023-4193
MEDIUM
SourceCodester Resort Reservation System 1.0 - SQL Injection via view_fee.php id Parameter
CVSS 6.3
CVE-2023-4192
MEDIUM
SourceCodester Resort Reservation System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2023-4185
MEDIUM
Online Hospital Management System 1.0 - SQL Injection via patientlogin.php
CVSS 6.3
CVE-2023-4184
HIGH
Inventory Management System 1.0 - SQL Injection via sell_return.php pid Parameter
CVSS 7.3
CVE-2023-4182
HIGH
SourceCodester Inventory Management System 1.0 - SQL Injection via edit_sell.php up_pid Parameter
CVSS 7.3
CVE-2023-4180
HIGH
Free Hospital Management System for Small Practices 1.0 - SQL Injection via login.php Useremail/Userpassword Parameters
CVSS 7.3
CVE-2023-4179
MEDIUM
Free Hospital Management System for Small Practices 1.0 - SQL Injection via doctors.php id Parameter
CVSS 6.3
CVE-2023-4176
MEDIUM
SourceCodester Hospital Management System 1.0 - SQL Injection via appointmentapproval.php Time Parameter
CVSS 6.3
CVE-2023-4188
CRITICAL
instantcms < 2.16.1 - SQL Injection
CVSS 9.1
Details
Vulnerabilities
19,747
Exploit Likelihood
High