CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,772 vulnerabilities with CWE-89
CVE-2023-29809
CRITICAL
companymaps 8.0 - SQL Injection
CVSS 9.8
CVE-2023-30192
CRITICAL
Prestashop possearchproducts 1.7 - SQL Injection via PosSearch::find()
CVSS 9.8
CVE-2023-28359
MEDIUM
Rocket.Chat < 6.0.0 - Unauthenticated NoSQL Injection via listEmojiCustom Method
CVSS 5.3
CVE-2023-2661
MEDIUM
SourceCodester Online Computer and Laptop Store 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2660
MEDIUM
SourceCodester Online Computer and Laptop Store 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2659
MEDIUM
SourceCodester Online Computer and Laptop Store 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2658
MEDIUM
SourceCodester Online Computer and Laptop Store 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2656
MEDIUM
SourceCodester AC Repair - SQL Injection
CVSS 6.3
CVE-2023-29863
CRITICAL
Medisys Weblab 19.4.03 - SQL Injection via tem:statement Parameter in WSDL Files
CVSS 9.8
CVE-2023-2653
MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2652
MEDIUM
SourceCodester Lost and Found Information System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2643
MEDIUM
SourceCodester File Tracker Manager System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2642
MEDIUM
SourceCodester Online Exam System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2641
HIGH
SourceCodester Online Internship Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2023-30194
CRITICAL
Prestashop posstaticfooter <= 1.0.0 - SQL Injection via posstaticfooter::getPosCurrentHook()
CVSS 9.8
CVE-2023-2619
MEDIUM
SourceCodester Online Tours & Travels Management System 1.0 - SQL I...
CVSS 6.3
CVE-2023-32569
HIGH
Veritas InfoScale Operations Manager < 7.4.2.800 and 8.x < 8.0.410 - Authenticated SQL Injection
CVSS 7.2
CVE-2023-2596
MEDIUM
Online Reviewer System 1.0 - SQL Injection via user_id Parameter in user-update.php
CVSS 6.3
CVE-2023-2595
MEDIUM
SourceCodester Billing Management System 1.0 - SQL Injection via drop_services Parameter in ajax_service.php
CVSS 6.3
CVE-2023-2594
HIGH
Food Ordering Management System 1.0 - SQL Injection via Registration Username Parameter
CVSS 7.3
CVE-2023-30092
CRITICAL
Online Pizza Ordering System 1.0 - SQL Injection via QTY Parameter
CVSS 9.8
CVE-2023-2114
HIGH
NEX-Forms < 8.4 - SQL Injection via Table Parameter
CVSS 7.2
CVE-2023-31038
HIGH
Apache Log4cxx 0.9.0-1.0.0 - SQL Injection via ODBC Appender
CVSS 8.8
CVE-2023-30018
CRITICAL
Judging Management System 1.0 - SQL Injection via mainevent_id Parameter
CVSS 9.8
CVE-2023-30243
HIGH
Beijing Netcon NS-ASG Application Security Gateway v6.3 - SQL Injection via TunnelId
CVSS 7.5
Details
Vulnerabilities
19,772
Exploit Likelihood
High