CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,771 vulnerabilities with CWE-89
CVE-2023-3391
MEDIUM
SourceCodester Human Resource Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-36284
HIGH
Webkul QloApps <1.6.0 - SQL Injection
CVSS 7.5
CVE-2023-3383
MEDIUM
SourceCodester Game Result Matrix System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-35132
MEDIUM
Moodle < 3.9.22, 4.0-4.0.8, 4.1-4.1.3, 4.2 - SQL Injection in Mnet SSO Access Control
CVSS 6.3
CVE-2023-36364
HIGH
MonetDB v11.45.17 and v11.46.0 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2023-36363
HIGH
MonetDB v11.45.17 and v11.46.0 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2023-36362
HIGH
MonetDB v11.45.17 and v11.46.0 - Denial of Service via Crafted SQL Statements
CVSS 7.5
CVE-2023-34601
CRITICAL
jeesite < 2023-05-27 - SQL Injection via ${businessTable} in ActDao.xml
CVSS 9.8
CVE-2023-33584
CRITICAL
Sourcecodester Enrollment System Project V1.0 - SQL Injection
CVSS 9.8
CVE-2023-3339
MEDIUM
Agro-School Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3340
MEDIUM
SourceCodester Online School Fees System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-34600
CRITICAL
Adiscon LogAnalyzer < 4.1.13 - SQL Injection
CVSS 9.8
CVE-2023-2907
CRITICAL
Marksoft < 7.1.7 - SQL Injection
CVSS 9.8
CVE-2023-34603
HIGH
JeecgBoot < 3.5.1 - SQL Injection via queryFilterTableDictInfo
CVSS 7.5
CVE-2023-34602
HIGH
JeecgBoot < 3.5.1 - SQL Injection via queryTableDictItemsByCode
CVSS 7.5
CVE-2023-3310
MEDIUM
Agro-School Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3307
MEDIUM
miniCal 1.0.0 - SQL Injection via Booking Search Query
CVSS 6.3
CVE-2023-35811
HIGH
SugarCRM 11.0.0-11.0.5 12.0.0-12.0.2 - Authenticated SQL Injection via REST API
CVSS 8.8
CVE-2023-34659
CRITICAL
jeecg-boot 3.5.0-3.5.1 - SQL Injection via /jeecg-boot/jmreport/show id Parameter
CVSS 9.8
CVE-2023-30625
HIGH
Rudder Server SQLI Remote Code Execution
CVSS 8.8
CVE-2023-35782
HIGH
ipandlanguageredirect < 5.1.2 - SQL Injection
CVSS 8.2
CVE-2023-34548
CRITICAL
Simple Customer Relationship Management 1.0 - SQL Injection via Email Parameter
CVSS 9.8
CVE-2023-35708
CRITICAL
Progress MOVEit Transfer < 2020.1.10 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-32754
CRITICAL
Thinking Software Efence - Unauthenticated SQL Injection via Login Function
CVSS 9.8
CVE-2023-2080
HIGH
Forcepoint Cloud Security Gateway Portal - Blind SQL Injection
CVSS 8.5
Details
Vulnerabilities
19,771
Exploit Likelihood
High