CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,752 vulnerabilities with CWE-89
CVE-2023-32529
HIGH
Trend Micro Apex Central - Authenticated SQL Injection
CVSS 8.8
CVE-2023-34418
HIGH
Lenovo XClarity Administrator < 4.0.0 - Authenticated SQL Injection via Web API
CVSS 8.1
CVE-2023-29459
MEDIUM
FC Red Bull Salzburg App < 5.1.9-r - Arbitrary Content Loading via WebView URI Handling
CVSS 6.1
CVE-2023-36663
HIGH
it-novum openITCOCKPIT <4.6.5 - SQL Injection
CVSS 8.8
CVE-2023-3396
MEDIUM
Campcodes Retro Cellphone Online Store 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3197
CRITICAL
MStore API < 4.0.1 - Unauthenticated Blind SQL Injection via 'id' Parameter
CVSS 9.8
CVE-2023-3391
MEDIUM
SourceCodester Human Resource Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-36284
HIGH
Webkul QloApps <1.6.0 - SQL Injection
CVSS 7.5
CVE-2023-3383
MEDIUM
SourceCodester Game Result Matrix System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-35132
MEDIUM
Moodle < 3.9.22, 4.0-4.0.8, 4.1-4.1.3, 4.2 - SQL Injection in Mnet SSO Access Control
CVSS 6.3
CVE-2023-36364
HIGH
MonetDB v11.45.17 and v11.46.0 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2023-36363
HIGH
MonetDB v11.45.17 and v11.46.0 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2023-36362
HIGH
MonetDB v11.45.17 and v11.46.0 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2023-34601
CRITICAL
jeesite < 2023-05-27 - SQL Injection via ${businessTable} in ActDao.xml
CVSS 9.8
CVE-2023-33584
CRITICAL
Sourcecodester Enrollment System Project V1.0 - SQL Injection
CVSS 9.8
CVE-2023-3339
MEDIUM
Agro-School Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3340
MEDIUM
SourceCodester Online School Fees System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-34600
CRITICAL
Adiscon LogAnalyzer < 4.1.13 - SQL Injection
CVSS 9.8
CVE-2023-2907
CRITICAL
Marksoft < 7.1.7 - SQL Injection
CVSS 9.8
CVE-2023-34603
HIGH
JeecgBoot < 3.5.1 - SQL Injection via queryFilterTableDictInfo
CVSS 7.5
CVE-2023-34602
HIGH
JeecgBoot < 3.5.1 - SQL Injection via queryTableDictItemsByCode
CVSS 7.5
CVE-2023-3310
MEDIUM
Agro-School Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3307
MEDIUM
miniCal 1.0.0 - SQL Injection via Booking Search Query
CVSS 6.3
CVE-2023-35811
HIGH
SugarCRM 11.0.0-11.0.5 12.0.0-12.0.2 - Authenticated SQL Injection via REST API
CVSS 8.8
CVE-2023-34659
CRITICAL
jeecg-boot 3.5.0-3.5.1 - SQL Injection via /jeecg-boot/jmreport/show id Parameter
CVSS 9.8
Details
Vulnerabilities
19,752
Exploit Likelihood
High