CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,772 vulnerabilities with CWE-89
CVE-2023-31610 HIGH
openlink virtuoso-opensource <7.2.9 - DoS
CVSS 7.5
CVE-2023-31609 HIGH
openlink virtuoso-opensource <7.2.9 - DoS
CVSS 7.5
CVE-2023-31608 HIGH
openlink virtuoso-opensource <7.2.9 - DoS
CVSS 7.5
CVE-2023-31607 HIGH
openlink virtuoso-opensource <7.2.9 - DoS
CVSS 7.5
CVE-2023-31845 HIGH
Sourcecodester Faculty Evaluation System v1.0 - SQL Injection
CVSS 7.2
CVE-2023-31844 HIGH
Sourcecodester Faculty Evaluation System v1.0 - SQL Injection
CVSS 7.2
CVE-2023-31843 HIGH
Sourcecodester Faculty Evaluation System v1.0 - SQL Injection
CVSS 7.2
CVE-2023-31842 HIGH
Sourcecodester Faculty Evaluation System v1.0 - SQL Injection
CVSS 7.2
CVE-2023-0600 CRITICAL
WP Visitor Statistics < 6.9 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-2699 MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2698 MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2697 MEDIUM
SourceCodester Online Exam System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2696 MEDIUM
SourceCodester Online Exam System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2695 MEDIUM
SourceCodester Online Exam System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2694 MEDIUM
SourceCodester Online Exam System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2693 MEDIUM
SourceCodester Online Exam System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2690 MEDIUM
SourceCodester Personnel Property Equipment System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2689 MEDIUM
SourceCodester Billing Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-32306 HIGH
Time Tracker < 1.22.13.5792 - SQL Injection via Unvalidated POST Parameters in Reports
CVSS 8.8
CVE-2023-1934 CRITICAL
PnPSCADA - Unauthenticated SQL Injection via hitlogcsv.jsp Endpoint
CVSS 9.8
CVE-2023-30246 CRITICAL
Judging Management System 1.0 - SQL Injection via contestant_id Parameter
CVSS 9.8
CVE-2023-2677 MEDIUM
SourceCodester Covid-19 Contact Tracing System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2672 MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2669 MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2668 MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities 19,772
Exploit Likelihood High