CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,747 vulnerabilities with CWE-89
CVE-2023-2963 CRITICAL
Oliva Expertise EKS < 1.2 - SQL Injection
CVSS 9.8
CVE-2023-2636 HIGH
AN_GradeBook <5.0.1 - SQL Injection
CVSS 8.8
CVE-2023-2760 HIGH
TapHome core_firmware < 2023.2 - Authenticated SQL Injection via HandleMessageUpdateDevicePropertiesRequest
CVSS 7.6
CVE-2023-3695 MEDIUM
Campcodes Beauty Salon Management System 1.0 - SQL Injection via add-product.php Category Parameter
CVSS 6.3
CVE-2023-3694 MEDIUM
SourceCodester House Rental and Property Listing 1.0 - SQL Injection via Index.php Keywords/Location Parameter
CVSS 6.3
CVE-2023-3693 HIGH
Life Insurance Management System 1.0 - SQL Injection via login.php Username Parameter
CVSS 7.3
CVE-2023-3690 MEDIUM
Bylancer QuickOrder 6.3.7 - SQL Injection via GET Parameter in /blog
CVSS 6.3
CVE-2023-3689 MEDIUM
Bylancer QuickQR 6.3.7 - SQL Injection via GET Parameter in /blog
CVSS 6.3
CVE-2023-3688 MEDIUM
Bylancer QuickJob 6.1 - SQL Injection via GET Parameter Handler
CVSS 6.3
CVE-2023-3687 MEDIUM
Bylancer QuickVCard 2.1 - SQL Injection via GET Parameter in Blog Handler
CVSS 6.3
CVE-2023-3686 MEDIUM
Bylancer QuickAI OpenAI 3.8.1 - SQL Injection via GET Parameter in /blog
CVSS 6.3
CVE-2023-3682 MEDIUM
Nesote Inout Blockchain EasyPayments 1.0 - SQL Injection via /index.php/payment/getcoinaddress coinid Parameter
CVSS 6.3
CVE-2023-3680 MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-3679 MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection via id Parameter in Master.php
CVSS 6.3
CVE-2023-3678 MEDIUM
AC Repair and Services System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-37472 HIGH
Knowage 6.1.0-8.1.8 - Authenticated SQL Injection via Label Parameter
CVSS 7.7
CVE-2023-3673 HIGH
pimcore < 10.5.24 - SQL Injection
CVSS 7.2
CVE-2023-37278 MEDIUM
GLPI < 10.0.9 - Authenticated SQL Injection via Dashboards Administration
CVSS 6.8
CVE-2023-30151 CRITICAL
Boxtal envoimoinscher < 3.1.10 - SQL Injection via Key GET Parameter
CVSS 9.8
CVE-2023-35070 CRITICAL
VegaGroup Web Collection < 31197 - SQL Injection
CVSS 9.8
CVE-2023-3661 MEDIUM
AC Repair and Services System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-3658 MEDIUM
AC Repair and Services System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-3657 MEDIUM
AC Repair and Services System 1.0 - SQL Injection via Master.php id Parameter
CVSS 6.3
CVE-2023-2957 CRITICAL
Lisa Software Florist Site < 3.0 - SQL Injection
CVSS 9.8
CVE-2023-1547 CRITICAL
Parkmatik <02.01-a51 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,747
Exploit Likelihood High