CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,772 vulnerabilities with CWE-89
CVE-2023-29809 CRITICAL
companymaps 8.0 - SQL Injection
CVSS 9.8
CVE-2023-30192 CRITICAL
Prestashop possearchproducts 1.7 - SQL Injection via PosSearch::find()
CVSS 9.8
CVE-2023-28359 MEDIUM
Rocket.Chat < 6.0.0 - Unauthenticated NoSQL Injection via listEmojiCustom Method
CVSS 5.3
CVE-2023-2661 MEDIUM
SourceCodester Online Computer and Laptop Store 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2660 MEDIUM
SourceCodester Online Computer and Laptop Store 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2659 MEDIUM
SourceCodester Online Computer and Laptop Store 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2658 MEDIUM
SourceCodester Online Computer and Laptop Store 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2656 MEDIUM
SourceCodester AC Repair - SQL Injection
CVSS 6.3
CVE-2023-29863 CRITICAL
Medisys Weblab 19.4.03 - SQL Injection via tem:statement Parameter in WSDL Files
CVSS 9.8
CVE-2023-2653 MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2652 MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2643 MEDIUM
SourceCodester File Tracker Manager System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2642 MEDIUM
SourceCodester Online Exam System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2641 HIGH
SourceCodester Online Internship Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-30194 CRITICAL
Prestashop posstaticfooter <= 1.0.0 - SQL Injection via posstaticfooter::getPosCurrentHook()
CVSS 9.8
CVE-2023-2619 MEDIUM
SourceCodester Online Tours & Travels Management System 1.0 - SQL I...
CVSS 6.3
CVE-2023-32569 HIGH
Veritas InfoScale Operations Manager < 7.4.2.800 and 8.x < 8.0.410 - Authenticated SQL Injection
CVSS 7.2
CVE-2023-2596 MEDIUM
Online Reviewer System 1.0 - SQL Injection via user_id Parameter in user-update.php
CVSS 6.3
CVE-2023-2595 MEDIUM
SourceCodester Billing Management System 1.0 - SQL Injection via drop_services Parameter in ajax_service.php
CVSS 6.3
CVE-2023-2594 HIGH
Food Ordering Management System 1.0 - SQL Injection via Registration Username Parameter
CVSS 7.3
CVE-2023-30092 CRITICAL
Online Pizza Ordering System 1.0 - SQL Injection via QTY Parameter
CVSS 9.8
CVE-2023-2114 HIGH
NEX-Forms < 8.4 - SQL Injection via Table Parameter
CVSS 7.2
CVE-2023-31038 HIGH
Apache Log4cxx 0.9.0-1.0.0 - SQL Injection via ODBC Appender
CVSS 8.8
CVE-2023-30018 CRITICAL
Judging Management System 1.0 - SQL Injection via mainevent_id Parameter
CVSS 9.8
CVE-2023-30243 HIGH
Beijing Netcon NS-ASG Application Security Gateway v6.3 - SQL Injection via TunnelId
CVSS 7.5
Details
Vulnerabilities 19,772
Exploit Likelihood High