CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,772 vulnerabilities with CWE-89
CVE-2023-3059 MEDIUM
SourceCodester Online Exam Form Submission 1.0 - SQL Injection
CVSS 6.3
CVE-2023-28701 CRITICAL
ELITE TECHNOLOGY CORP. Web Fax - SQL Injection
CVSS 9.8
CVE-2023-3000 CRITICAL
ErMon <230602 - SQL Injection
CVSS 9.8
CVE-2023-2201 HIGH
Web Directory Free for WordPress <= 1.6.8 - Authenticated SQL Injection via post_id Parameter
CVSS 8.8
CVE-2023-29154 HIGH
CONPROSYS HMI System <3.5.3 - SQL Injection
CVSS 7.2
CVE-2023-33967 HIGH
EaseProbe < 2.1.0 - SQL Injection via MySQL/PostgreSQL Data Checking
CVSS 8.2
CVE-2023-33509 CRITICAL
KramerAV VIA GO² <4.0.1.1326 - SQL Injection
CVSS 9.8
CVE-2023-3008 HIGH
Ningzichun Student Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-3004 MEDIUM
SourceCodester Simple Chat System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-3003 MEDIUM
SourceCodester Train Station Ticketing System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-33734 CRITICAL
BlueCMS v1.6 - SQL Injection via search.php keywords parameter
CVSS 9.8
CVE-2023-33180 MEDIUM
Xibo 3.2.0-3.3.2 - Authenticated SQL Injection via Display Map API Bounds Parameter
CVSS 6.5
CVE-2023-33179 MEDIUM
Xibo 3.2.0-3.3.4 - Authenticated SQL Injection via nameFilter Function
CVSS 6.5
CVE-2023-33178 MEDIUM
Xibo <2.3.17, <3.3.5 - SQL Injection
CVSS 6.5
CVE-2023-2962 MEDIUM
Faculty Evaluation System 1.0 - SQL Injection via index.php id Parameter
CVSS 4.7
CVE-2023-2955 MEDIUM
Students Online Internship Timesheet System 1.0 - SQL Injection via rendered_report.php sid Parameter
CVSS 6.3
CVE-2023-2951 MEDIUM
Bus Dispatch and Information System 1.0 - SQL Injection via delete_bus.php busid Parameter
CVSS 6.3
CVE-2023-33439 HIGH
Sourcecodester Faculty Evaluation System v1.0 - SQL Injection
CVSS 7.2
CVE-2023-33280 CRITICAL
Store Commander QuickAccounting < 3.7.4 - SQL Injection
CVSS 9.8
CVE-2023-33279 CRITICAL
Store Commander <2023-05-09 - SQL Injection
CVSS 9.8
CVE-2023-33278 CRITICAL
Store Commander scexportcustomers < 3.6.2 - SQL Injection
CVSS 9.8
CVE-2023-2851 CRITICAL
AGT Tech Ceppatron - SQL Injection and Command Execution
CVSS 9.8
CVE-2023-33945 MEDIUM
Liferay Portal/DXP <7.4.3.17/7.4 - SQL Injection
CVSS 6.4
CVE-2023-2064 CRITICAL
eTrace < 23.05.20 - SQL Injection
CVSS 9.8
CVE-2023-2045 CRITICAL
Ipekyolu Software Auto Damage Tracking Software < 4 - SQL Injection
CVSS 9.8
Details
Vulnerabilities 19,772
Exploit Likelihood High