CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,772 vulnerabilities with CWE-89
CVE-2023-3059
MEDIUM
SourceCodester Online Exam Form Submission 1.0 - SQL Injection
CVSS 6.3
CVE-2023-28701
CRITICAL
ELITE TECHNOLOGY CORP. Web Fax - SQL Injection
CVSS 9.8
CVE-2023-3000
CRITICAL
ErMon <230602 - SQL Injection
CVSS 9.8
CVE-2023-2201
HIGH
Web Directory Free for WordPress <= 1.6.8 - Authenticated SQL Injection via post_id Parameter
CVSS 8.8
CVE-2023-29154
HIGH
CONPROSYS HMI System <3.5.3 - SQL Injection
CVSS 7.2
CVE-2023-33967
HIGH
EaseProbe < 2.1.0 - SQL Injection via MySQL/PostgreSQL Data Checking
CVSS 8.2
CVE-2023-33509
CRITICAL
KramerAV VIA GO² <4.0.1.1326 - SQL Injection
CVSS 9.8
CVE-2023-3008
HIGH
Ningzichun Student Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-3004
MEDIUM
SourceCodester Simple Chat System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3003
MEDIUM
SourceCodester Train Station Ticketing System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-33734
CRITICAL
BlueCMS v1.6 - SQL Injection via search.php keywords parameter
CVSS 9.8
CVE-2023-33180
MEDIUM
Xibo 3.2.0-3.3.2 - Authenticated SQL Injection via Display Map API Bounds Parameter
CVSS 6.5
CVE-2023-33179
MEDIUM
Xibo 3.2.0-3.3.4 - Authenticated SQL Injection via nameFilter Function
CVSS 6.5
CVE-2023-33178
MEDIUM
Xibo <2.3.17, <3.3.5 - SQL Injection
CVSS 6.5
CVE-2023-2962
MEDIUM
Faculty Evaluation System 1.0 - SQL Injection via index.php id Parameter
CVSS 4.7
CVE-2023-2955
MEDIUM
Students Online Internship Timesheet System 1.0 - SQL Injection via rendered_report.php sid Parameter
CVSS 6.3
CVE-2023-2951
MEDIUM
Bus Dispatch and Information System 1.0 - SQL Injection via delete_bus.php busid Parameter
CVSS 6.3
CVE-2023-33439
HIGH
Sourcecodester Faculty Evaluation System v1.0 - SQL Injection
CVSS 7.2
CVE-2023-33280
CRITICAL
Store Commander QuickAccounting < 3.7.4 - SQL Injection
CVSS 9.8
CVE-2023-33279
CRITICAL
Store Commander <2023-05-09 - SQL Injection
CVSS 9.8
CVE-2023-33278
CRITICAL
Store Commander scexportcustomers < 3.6.2 - SQL Injection
CVSS 9.8
CVE-2023-2851
CRITICAL
AGT Tech Ceppatron - SQL Injection and Command Execution
CVSS 9.8
CVE-2023-33945
MEDIUM
Liferay Portal/DXP <7.4.3.17/7.4 - SQL Injection
CVSS 6.4
CVE-2023-2064
CRITICAL
eTrace < 23.05.20 - SQL Injection
CVSS 9.8
CVE-2023-2045
CRITICAL
Ipekyolu Software Auto Damage Tracking Software < 4 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,772
Exploit Likelihood
High