CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,771 vulnerabilities with CWE-89
CVE-2023-31672
CRITICAL
ai-dev ailinear < 2.4.3 - SQL Injection
CVSS 9.8
CVE-2023-34626
MEDIUM
Piwigo < 13.7.0 - SQL Injection via Users Function
CVSS 4.3
CVE-2023-3275
MEDIUM
PHPGurukul Rail Pass Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 6.3
CVE-2023-30150
CRITICAL
leocustomajax 1.0 and 1.0.0 - SQL Injection via leoajax.php
CVSS 9.8
CVE-2023-31671
CRITICAL
PrestaShop postfinance <17.1.13 - SQL Injection
CVSS 9.8
CVE-2023-34756
CRITICAL
bloofoxcms v0.5.2.1 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2023-34755
CRITICAL
bloofoxcms 0.5.2.1 - SQL Injection via UserID Parameter
CVSS 9.8
CVE-2023-34754
CRITICAL
bloofoxcms 0.5.2.1 - SQL Injection via pid Parameter
CVSS 9.8
CVE-2023-34753
CRITICAL
bloofoxcms 0.5.2.1 - SQL Injection via tid Parameter
CVSS 9.8
CVE-2023-34752
CRITICAL
bloofoxcms v0.5.2.1 - SQL Injection via lid Parameter
CVSS 9.8
CVE-2023-34751
CRITICAL
bloofoxcms v0.5.2.1 - SQL Injection via gid Parameter
CVSS 9.8
CVE-2023-34750
CRITICAL
bloofoxcms v0.5.2.1 - SQL Injection via cid Parameter
CVSS 9.8
CVE-2023-33817
HIGH
HotelDruid 3.0.5 - SQL Injection
CVSS 8.8
CVE-2023-34249
CRITICAL
pybb < 0.1.0 - SQL Injection in BulletinDatabaseModule
CVSS 9.8
CVE-2023-35064
CRITICAL
Satos Mobile < 20230607 - SQL Injection via SOAP Parameter Tampering
CVSS 9.8
CVE-2023-3047
CRITICAL
TMT Lockcell < 15.0 - SQL Injection
CVSS 9.8
CVE-2023-32115
MEDIUM
SAP Master Data Synchronization - SQL Injection via MDS COMPARE TOOL
CVSS 4.2
CVE-2023-3208
MEDIUM
RoadFlow Visual Process Engine .NET Core Mvc 2.13.3 - SQL Injection via sidx/sord Parameters
CVSS 6.3
CVE-2023-34581
CRITICAL
Service Provider Management System 1.0 - SQL Injection via ID Parameter
CVSS 9.8
CVE-2023-35036
CRITICAL
Progress MOVEit Transfer < 2021.0.7, 2021.1.5, 2022.0.5, 2022.1.6, 2023.0.2 - Unauthenticated SQL Injection
CVSS 9.1
CVE-2023-22583
CRITICAL
Danfoss AK-EM100 Firmware < 2.2.0.12 - SQL Injection via Login Form
CVSS 10.0
CVE-2023-33557
HIGH
Fuel CMS 1.5.2 - SQL Injection via Blocks Controller id Parameter
CVSS 8.8
CVE-2023-3177
MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3176
MEDIUM
SourceCodester Lost and Found Info Sys 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2607
HIGH
Multiple Page Generator Plugin <3.3.17 - SQL Injection
CVSS 7.2
Details
Vulnerabilities
19,771
Exploit Likelihood
High