CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,771 vulnerabilities with CWE-89
CVE-2023-2484
HIGH
Active Directory Integration / LDAP Integration <= 4.1.4 - SQL Injection via orderby/order
CVSS 7.2
CVE-2023-2237
HIGH
WP Replicate Post <= 4.0.2 - Authenticated SQL Injection via post_id Parameter
CVSS 8.8
CVE-2023-1016
MEDIUM
Intuitive Custom Post Order <= 3.1.4.1 - Authenticated SQL Injection via 'objects' and 'tags' Parameters
CVSS 6.6
CVE-2023-3163
LOW
RuoYi < 4.7.7 - Uncontrolled Resource Consumption via filterKeyword Function
CVSS 3.5
CVE-2023-3152
MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3151
MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3150
MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3149
MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3148
MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3147
MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3146
MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3145
MEDIUM
SourceCodester Online Discussion Forum Site 1.0 - SQL Injection
CVSS 6.3
CVE-2023-29632
CRITICAL
jmspagebuilder 3.x - SQL Injection via ajax_jmspagebuilder.php
CVSS 9.8
CVE-2023-3120
MEDIUM
SourceCodester Service Provider Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3119
MEDIUM
SourceCodester Service Provider Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-29630
CRITICAL
jms_drop_mega_menu 1.1.x and 2.0.x - SQL Injection via ajax_jmsmegamenu.php
CVSS 9.8
CVE-2023-29629
CRITICAL
jmsthemelayout 2.5.5 - SQL Injection via ajax_jmsvermegamenu.php
CVSS 9.8
CVE-2023-3100
MEDIUM
IBOS 4.5.5 - SQL Injection via Dashboard Approval Del Function
CVSS 5.5
CVE-2023-3094
MEDIUM
Agro-School Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-33762
CRITICAL
simpleRedak <2.47.23.05 - SQL Injection
CVSS 9.8
CVE-2023-3068
MEDIUM
Campcodes Retro Cellphone Online Store 1.0 - SQL Injection
CVSS 6.3
CVE-2023-30149
CRITICAL
ebewe City Autocomplete < 1.8.12 - SQL Injection via Autocompletion Parameters
CVSS 9.8
CVE-2023-3062
MEDIUM
Agro-School Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-34362
CRITICAL
KEV
MOVEit SQL Injection vulnerability
CVSS 9.8
CVE-2023-3059
MEDIUM
SourceCodester Online Exam Form Submission 1.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities
19,771
Exploit Likelihood
High