CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,747 vulnerabilities with CWE-89
CVE-2023-4166 MEDIUM
Tongda OA - SQL Injection via DELETE_STR Parameter in delete_log.php
CVSS 5.5
CVE-2023-4165 MEDIUM
Tongda OA - SQL Injection via DELETE_STR Parameter in delete_seal.php
CVSS 5.5
CVE-2023-33367 CRITICAL
Control ID IDSecure <4.7.26.0 - SQL Injection
CVSS 9.8
CVE-2023-39344 CRITICAL
social-media-skeleton - SQL Injection leading to Remote Code Execution
CVSS 10.0
CVE-2023-39551 CRITICAL
Online Security Guards Hiring System 1.0 - SQL Injection via Admin Search Endpoint
CVSS 9.8
CVE-2023-33665 CRITICAL
ai-dev aitable <v0.2.2 - SQL Injection
CVSS 9.8
CVE-2023-39121 HIGH
emlog v2.1.9 - SQL Injection via /admin/user.php
CVSS 7.2
CVE-2023-33666 CRITICAL
ai-dev aioptimizedcombinations <v0.1.3 - SQL Injection
CVSS 9.8
CVE-2023-36213 CRITICAL
MotoCMS 3.4.3 - SQL Injection via Search Keyword Parameter
CVSS 9.8
CVE-2023-33366 HIGH
Suprema BioStar 2 <2.9.1 - SQL Injection
CVSS 8.8
CVE-2023-21412 HIGH
AXIS License Plate Verifier < 2.8.3 - SQL Injection via search.cgi
CVSS 7.2
CVE-2023-38954 CRITICAL
ZKTeco BioAccess IVS 3.3.1 - SQL Injection
CVSS 9.8
CVE-2023-26443 MEDIUM
Full-text autocomplete search - SQL Injection
CVSS 5.5
CVE-2023-26440 HIGH
Open-Xchange AppSuite Office <= 8.11 - SQL Injection
CVSS 7.1
CVE-2023-26439 HIGH
Open-Xchange AppSuite Office <= 8.11 - SQL Injection
CVSS 7.6
CVE-2023-37772 HIGH
Online Shopping Portal Project 3.1 - SQL Injection via Email Parameter
CVSS 8.8
CVE-2023-39122 CRITICAL
BMC Control-M <9.0.20.200 - SQL Injection
CVSS 9.8
CVE-2023-3983 HIGH
Advantech iView < 5.7.4.6752 - Authenticated SQL Injection via com.imc.iview.utils.CUtils.checkSQLInjection() Bypass
CVSS 8.8
CVE-2023-37771 CRITICAL
Art Gallery Management System 1.0 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2023-34635 CRITICAL
Wifi Soft Unibox Administration 3.0-3.1 - SQL Injection via Login Username Field
CVSS 9.8
CVE-2023-37647 CRITICAL
SEMCMS v1.5 - SQL Injection via id Parameter at Ant_Suxin.php
CVSS 9.8
CVE-2023-38992 CRITICAL
jeecg-boot < 3.5.3 - SQL Injection via Title Parameter at /sys/dict/loadTreeData
CVSS 9.8
CVE-2023-31937 HIGH
Rail Pass Management System <1.0 - Code Injection
CVSS 7.2
CVE-2023-31936 HIGH
Rail Pass Management System <1.0 - Code Injection
CVSS 7.2
CVE-2023-31933 HIGH
Rail Pass Management System <1.0 - Code Injection
CVSS 7.2
Details
Vulnerabilities 19,747
Exploit Likelihood High