CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,752 vulnerabilities with CWE-89
CVE-2023-3534 MEDIUM
SourceCodester Shopping Website 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3528 MEDIUM
ThinuTech ThinuCMS 1.5 - SQL Injection
CVSS 6.3
CVE-2023-30325 HIGH
ChatEngine 1.0 - SQL Injection via textMessage Parameter
CVSS 7.5
CVE-2023-30323 HIGH
ChatEngine 1.0 - SQL Injection via Username Field
CVSS 7.5
CVE-2023-22319 HIGH
Milesight VPN <2.0.2 - SQL Injection
CVSS 7.3
CVE-2023-36968 HIGH
Food Ordering System v1.0 - SQL Injection
CVSS 7.2
CVE-2023-36189 HIGH
langchain <0.0.247 - Info Disclosure
CVSS 7.5
CVE-2023-36813 HIGH
kanboard < 1.2.31 - Authenticated SQL Injection via PicoDB Library
CVSS 7.1
CVE-2023-36808 HIGH
GLPI 0.80-10.0.7 - SQL Injection via Computer Virtual Machine Form and Inventory Request
CVSS 8.6
CVE-2023-35924 HIGH
GLPI 10.0.0-10.0.8 - Unauthenticated SQL Injection via Inventory Endpoint
CVSS 8.6
CVE-2023-36934 CRITICAL
Progress MOVEit Transfer < 12.1.11 - Unauthenticated SQL Injection
CVSS 9.1
CVE-2023-36932 HIGH
Progress MOVEit Transfer < 2020.1.11, 2021.0.9, 2021.1.7, 2022.0.7, 2022.1.8, 2023.0.4 - Authenticated SQL Injection
CVSS 8.1
CVE-2023-3502 MEDIUM
SourceCodester Shopping Website 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3490 CRITICAL
fossbilling < 0.5.3 - SQL Injection
CVSS 9.8
CVE-2023-3478 MEDIUM
IBOS OA 4.5.5 - SQL Injection via Add User Handler id Parameter
CVSS 4.7
CVE-2023-3473 MEDIUM
Retro Cellphone Online Store 1.0 - SQL Injection via Edit Product Username Parameter
CVSS 4.7
CVE-2023-3458 MEDIUM
SourceCodester Shopping Website 1.0 - SQL Injection via forgot-password.php Contact Parameter
CVSS 6.3
CVE-2023-3457 MEDIUM
SourceCodester Shopping Website 1.0 - SQL Injection via index.php Username Parameter
CVSS 6.3
CVE-2023-34735 CRITICAL
Property Cloud Platform Management Center 1.0 - SQL Injection
CVSS 9.8
CVE-2023-34487 CRITICAL
Online Hotel Management System 1.0.0 - SQL Injection via Login Password Input
CVSS 9.8
CVE-2023-33592 CRITICAL
Lost and Found Information System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-3449 MEDIUM
IBOS OA 4.5.5 - SQL Injection via Interview Management Export interviews Parameter
CVSS 5.5
CVE-2023-2592 HIGH
FormCraft WordPress Plugin < 3.9.7 - Authenticated SQL Injection
CVSS 7.2
CVE-2023-2482 HIGH
Responsive CSS EDITOR < 1.0 - Authenticated SQL Injection
CVSS 7.2
CVE-2023-32530 HIGH
Trend Micro Apex Central - Authenticated SQL Injection
CVSS 8.8
Details
Vulnerabilities 19,752
Exploit Likelihood High