CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,772 vulnerabilities with CWE-89
CVE-2023-31610
HIGH
openlink virtuoso-opensource <7.2.9 - DoS
CVSS 7.5
CVE-2023-31609
HIGH
openlink virtuoso-opensource <7.2.9 - DoS
CVSS 7.5
CVE-2023-31608
HIGH
openlink virtuoso-opensource <7.2.9 - DoS
CVSS 7.5
CVE-2023-31607
HIGH
openlink virtuoso-opensource <7.2.9 - DoS
CVSS 7.5
CVE-2023-31845
HIGH
Sourcecodester Faculty Evaluation System v1.0 - SQL Injection
CVSS 7.2
CVE-2023-31844
HIGH
Sourcecodester Faculty Evaluation System v1.0 - SQL Injection
CVSS 7.2
CVE-2023-31843
HIGH
Sourcecodester Faculty Evaluation System v1.0 - SQL Injection
CVSS 7.2
CVE-2023-31842
HIGH
Sourcecodester Faculty Evaluation System v1.0 - SQL Injection
CVSS 7.2
CVE-2023-0600
CRITICAL
WP Visitor Statistics < 6.9 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2023-2699
MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2698
MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2697
MEDIUM
SourceCodester Online Exam System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2696
MEDIUM
SourceCodester Online Exam System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2695
MEDIUM
SourceCodester Online Exam System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2694
MEDIUM
SourceCodester Online Exam System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2693
MEDIUM
SourceCodester Online Exam System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2690
MEDIUM
SourceCodester Personnel Property Equipment System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2689
MEDIUM
SourceCodester Billing Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-32306
HIGH
Time Tracker < 1.22.13.5792 - SQL Injection via Unvalidated POST Parameters in Reports
CVSS 8.8
CVE-2023-1934
CRITICAL
PnPSCADA - Unauthenticated SQL Injection via hitlogcsv.jsp Endpoint
CVSS 9.8
CVE-2023-30246
CRITICAL
Judging Management System 1.0 - SQL Injection via contestant_id Parameter
CVSS 9.8
CVE-2023-2677
MEDIUM
SourceCodester Covid-19 Contact Tracing System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2672
MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2669
MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2668
MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
Details
Vulnerabilities
19,772
Exploit Likelihood
High