CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,747 vulnerabilities with CWE-89
CVE-2023-4166
MEDIUM
Tongda OA - SQL Injection via DELETE_STR Parameter in delete_log.php
CVSS 5.5
CVE-2023-4165
MEDIUM
Tongda OA - SQL Injection via DELETE_STR Parameter in delete_seal.php
CVSS 5.5
CVE-2023-33367
CRITICAL
Control ID IDSecure <4.7.26.0 - SQL Injection
CVSS 9.8
CVE-2023-39344
CRITICAL
social-media-skeleton - SQL Injection leading to Remote Code Execution
CVSS 10.0
CVE-2023-39551
CRITICAL
Online Security Guards Hiring System 1.0 - SQL Injection via Admin Search Endpoint
CVSS 9.8
CVE-2023-33665
CRITICAL
ai-dev aitable <v0.2.2 - SQL Injection
CVSS 9.8
CVE-2023-39121
HIGH
emlog v2.1.9 - SQL Injection via /admin/user.php
CVSS 7.2
CVE-2023-33666
CRITICAL
ai-dev aioptimizedcombinations <v0.1.3 - SQL Injection
CVSS 9.8
CVE-2023-36213
CRITICAL
MotoCMS 3.4.3 - SQL Injection via Search Keyword Parameter
CVSS 9.8
CVE-2023-33366
HIGH
Suprema BioStar 2 <2.9.1 - SQL Injection
CVSS 8.8
CVE-2023-21412
HIGH
AXIS License Plate Verifier < 2.8.3 - SQL Injection via search.cgi
CVSS 7.2
CVE-2023-38954
CRITICAL
ZKTeco BioAccess IVS 3.3.1 - SQL Injection
CVSS 9.8
CVE-2023-26443
MEDIUM
Full-text autocomplete search - SQL Injection
CVSS 5.5
CVE-2023-26440
HIGH
Open-Xchange AppSuite Office <= 8.11 - SQL Injection
CVSS 7.1
CVE-2023-26439
HIGH
Open-Xchange AppSuite Office <= 8.11 - SQL Injection
CVSS 7.6
CVE-2023-37772
HIGH
Online Shopping Portal Project 3.1 - SQL Injection via Email Parameter
CVSS 8.8
CVE-2023-39122
CRITICAL
BMC Control-M <9.0.20.200 - SQL Injection
CVSS 9.8
CVE-2023-3983
HIGH
Advantech iView < 5.7.4.6752 - Authenticated SQL Injection via com.imc.iview.utils.CUtils.checkSQLInjection() Bypass
CVSS 8.8
CVE-2023-37771
CRITICAL
Art Gallery Management System 1.0 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2023-34635
CRITICAL
Wifi Soft Unibox Administration 3.0-3.1 - SQL Injection via Login Username Field
CVSS 9.8
CVE-2023-37647
CRITICAL
SEMCMS v1.5 - SQL Injection via id Parameter at Ant_Suxin.php
CVSS 9.8
CVE-2023-38992
CRITICAL
jeecg-boot < 3.5.3 - SQL Injection via Title Parameter at /sys/dict/loadTreeData
CVSS 9.8
CVE-2023-31937
HIGH
Rail Pass Management System <1.0 - Code Injection
CVSS 7.2
CVE-2023-31936
HIGH
Rail Pass Management System <1.0 - Code Injection
CVSS 7.2
CVE-2023-31933
HIGH
Rail Pass Management System <1.0 - Code Injection
CVSS 7.2
Details
Vulnerabilities
19,747
Exploit Likelihood
High