CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,747 vulnerabilities with CWE-89
CVE-2023-31932 HIGH
Rail Pass Management System <1.0 - Code Injection
CVSS 7.2
CVE-2023-3988 MEDIUM
Cafe Billing System 1.0 - SQL Injection via Order Handler id Parameter
CVSS 6.3
CVE-2023-3987 MEDIUM
Simple Online Men's Salon Management System 1.0 - SQL Injection via /admin/?page=user/manage_user id Parameter
CVSS 6.3
CVE-2023-3985 HIGH
SourceCodester Online Jewelry Store 1.0 - SQL Injection via login.php Username/Password Parameters
CVSS 7.3
CVE-2023-3984 MEDIUM
phpscriptpoint RecipePoint 1.9 - SQL Injection via Recipe Result Page Parameters
CVSS 6.3
CVE-2023-26859 CRITICAL
PrestaShop sendinblue <4.0.15 - SQL Injection
CVSS 9.8
CVE-2023-37258 HIGH
DataEase < 1.18.9 - SQL Injection via Blacklist Bypass
CVSS 8.8
CVE-2023-35088 CRITICAL
Apache InLong 1.4.0-1.7.0 - SQL Injection via toAuditCkSql Method
CVSS 9.8
CVE-2023-35066 CRITICAL
Infodrom E-Invoice Approval System < 20230701 - SQL Injection
CVSS 9.8
CVE-2023-3046 CRITICAL
Biltay Technology Scienta <20230630.1953 - SQL Injection
CVSS 9.8
CVE-2023-3882 MEDIUM
Campcodes Beauty Salon Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3881 MEDIUM
Campcodes Beauty Salon Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3880 MEDIUM
Campcodes Beauty Salon Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3879 MEDIUM
Campcodes Beauty Salon Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3878 MEDIUM
Campcodes Beauty Salon Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3877 MEDIUM
Campcodes Beauty Salon Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3876 MEDIUM
Campcodes Beauty Salon Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3875 MEDIUM
Campcodes Beauty Salon Management System 0.1.0 - SQL Injection
CVSS 6.3
CVE-2023-3874 MEDIUM
Campcodes Beauty Salon Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-37361 LOW
REDCap < 12.0.26 LTS and < 12.3.2 - SQL Injection via Scheduling, Repeatforms, Purpose, App Title, or Randomization
CVSS 2.7
CVE-2023-3873 HIGH
Campcodes Beauty Salon Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-3872 MEDIUM
Campcodes Beauty Salon Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3871 MEDIUM
Campcodes Beauty Salon Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3859 MEDIUM
phpscriptpoint Car Listing <1.6 - SQL Injection
CVSS 6.3
CVE-2023-3854 MEDIUM
phpscriptpoint BloodBank 1.1 - SQL Injection
CVSS 6.3
Details
Vulnerabilities 19,747
Exploit Likelihood High