CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,752 vulnerabilities with CWE-89
CVE-2023-3534
MEDIUM
SourceCodester Shopping Website 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3528
MEDIUM
ThinuTech ThinuCMS 1.5 - SQL Injection
CVSS 6.3
CVE-2023-30325
HIGH
ChatEngine 1.0 - SQL Injection via textMessage Parameter
CVSS 7.5
CVE-2023-30323
HIGH
ChatEngine 1.0 - SQL Injection via Username Field
CVSS 7.5
CVE-2023-22319
HIGH
Milesight VPN <2.0.2 - SQL Injection
CVSS 7.3
CVE-2023-36968
HIGH
Food Ordering System v1.0 - SQL Injection
CVSS 7.2
CVE-2023-36189
HIGH
langchain <0.0.247 - Info Disclosure
CVSS 7.5
CVE-2023-36813
HIGH
kanboard < 1.2.31 - Authenticated SQL Injection via PicoDB Library
CVSS 7.1
CVE-2023-36808
HIGH
GLPI 0.80-10.0.7 - SQL Injection via Computer Virtual Machine Form and Inventory Request
CVSS 8.6
CVE-2023-35924
HIGH
GLPI 10.0.0-10.0.8 - Unauthenticated SQL Injection via Inventory Endpoint
CVSS 8.6
CVE-2023-36934
CRITICAL
Progress MOVEit Transfer < 12.1.11 - Unauthenticated SQL Injection
CVSS 9.1
CVE-2023-36932
HIGH
Progress MOVEit Transfer < 2020.1.11, 2021.0.9, 2021.1.7, 2022.0.7, 2022.1.8, 2023.0.4 - Authenticated SQL Injection
CVSS 8.1
CVE-2023-3502
MEDIUM
SourceCodester Shopping Website 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3490
CRITICAL
fossbilling < 0.5.3 - SQL Injection
CVSS 9.8
CVE-2023-3478
MEDIUM
IBOS OA 4.5.5 - SQL Injection via Add User Handler id Parameter
CVSS 4.7
CVE-2023-3473
MEDIUM
Retro Cellphone Online Store 1.0 - SQL Injection via Edit Product Username Parameter
CVSS 4.7
CVE-2023-3458
MEDIUM
SourceCodester Shopping Website 1.0 - SQL Injection via forgot-password.php Contact Parameter
CVSS 6.3
CVE-2023-3457
MEDIUM
SourceCodester Shopping Website 1.0 - SQL Injection via index.php Username Parameter
CVSS 6.3
CVE-2023-34735
CRITICAL
Property Cloud Platform Management Center 1.0 - SQL Injection
CVSS 9.8
CVE-2023-34487
CRITICAL
Online Hotel Management System 1.0.0 - SQL Injection via Login Password Input
CVSS 9.8
CVE-2023-33592
CRITICAL
Lost and Found Information System v1.0 - SQL Injection
CVSS 9.8
CVE-2023-3449
MEDIUM
IBOS OA 4.5.5 - SQL Injection via Interview Management Export interviews Parameter
CVSS 5.5
CVE-2023-2592
HIGH
FormCraft WordPress Plugin < 3.9.7 - Authenticated SQL Injection
CVSS 7.2
CVE-2023-2482
HIGH
Responsive CSS EDITOR < 1.0 - Authenticated SQL Injection
CVSS 7.2
CVE-2023-32530
HIGH
Trend Micro Apex Central - Authenticated SQL Injection
CVSS 8.8
Details
Vulnerabilities
19,752
Exploit Likelihood
High