CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,771 vulnerabilities with CWE-89
CVE-2023-2484 HIGH
Active Directory Integration / LDAP Integration <= 4.1.4 - SQL Injection via orderby/order
CVSS 7.2
CVE-2023-2237 HIGH
WP Replicate Post <= 4.0.2 - Authenticated SQL Injection via post_id Parameter
CVSS 8.8
CVE-2023-1016 MEDIUM
Intuitive Custom Post Order <= 3.1.4.1 - Authenticated SQL Injection via 'objects' and 'tags' Parameters
CVSS 6.6
CVE-2023-3163 LOW
RuoYi < 4.7.7 - Uncontrolled Resource Consumption via filterKeyword Function
CVSS 3.5
CVE-2023-3152 MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3151 MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3150 MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3149 MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3148 MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3147 MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3146 MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3145 MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-29632 CRITICAL
jmspagebuilder 3.x - SQL Injection via ajax_jmspagebuilder.php
CVSS 9.8
CVE-2023-3120 MEDIUM
SourceCodester Service Provider Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3119 MEDIUM
SourceCodester Service Provider Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-29630 CRITICAL
jms_drop_mega_menu 1.1.x and 2.0.x - SQL Injection via ajax_jmsmegamenu.php
CVSS 9.8
CVE-2023-29629 CRITICAL
jmsthemelayout 2.5.5 - SQL Injection via ajax_jmsvermegamenu.php
CVSS 9.8
CVE-2023-3100 MEDIUM
IBOS 4.5.5 - SQL Injection via Dashboard Approval Del Function
CVSS 5.5
CVE-2023-3094 MEDIUM
Agro-School Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-33762 CRITICAL
simpleRedak <2.47.23.05 - SQL Injection
CVSS 9.8
CVE-2023-3068 MEDIUM
Campcodes Retro Cellphone Online Store 1.0 - SQL Injection
CVSS 6.3
CVE-2023-30149 CRITICAL
ebewe City Autocomplete < 1.8.12 - SQL Injection via Autocompletion Parameters
CVSS 9.8
CVE-2023-3062 MEDIUM
Agro-School Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-34362 CRITICAL KEV
MOVEit SQL Injection vulnerability
CVSS 9.8
CVE-2023-3059 MEDIUM
SourceCodester Online Exam Form Submission 1.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities 19,771
Exploit Likelihood High