CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,772 vulnerabilities with CWE-89
CVE-2023-30242 CRITICAL
Netentsec Application Security Gateway - SQL Injection
CVSS 9.8
CVE-2023-30203 CRITICAL
Judging Management System 1.0 - SQL Injection via event_id Parameter
CVSS 9.8
CVE-2023-2519 HIGH
Caton CTP Relay Server 1.2.9 - SQL Injection via Login API Username/Password Parameter
CVSS 7.3
CVE-2023-23470 MEDIUM
IBM i 7.2-7.5 - Privilege Escalation
CVSS 6.4
CVE-2023-30077 CRITICAL
Judging Management System 1.0 - SQL Injection via mainevent_id Parameter
CVSS 9.8
CVE-2023-29842 HIGH
ChurchCRM 4.5.4 - Blind SQL Injection via EN_tyid POST Parameter
CVSS 8.8
CVE-2023-27568 HIGH
Spryker Commerce OS 0.9 - SQL Injection via Order Search Parameter
CVSS 8.8
CVE-2023-30204 CRITICAL
Judging Management System 1.0 - SQL Injection via judge_id Parameter
CVSS 9.8
CVE-2023-31433 HIGH
Logbuch <8.2.2286, <9.0.2401 - SQL Injection
CVSS 8.8
CVE-2023-30944 MEDIUM
Moodle 3.9.0-3.9.20 and <4.2.0-rc2 - SQL Injection via External Wiki Page Listing
CVSS 5.6
CVE-2023-1730 CRITICAL
SupportCandy WP <3.1.5 - SQL Injection
CVSS 9.8
CVE-2023-2451 MEDIUM
Online DJ Management System 1.0 - SQL Injection via GET Parameter in /admin/bookings/view_details.php
CVSS 6.3
CVE-2023-2420 MEDIUM
MLECMS 3.0 - SQL Injection via $_SERVER['REQUEST_URI'] in get_url Function
CVSS 6.3
CVE-2023-2413 MEDIUM
AC Repair and Services System 1.0 - SQL Injection via manage_booking.php id Parameter
CVSS 6.3
CVE-2023-2412 MEDIUM
AC Repair and Services System 1.0 - SQL Injection via manage_user.php id Parameter
CVSS 6.3
CVE-2023-2411 MEDIUM
AC Repair and Services System 1.0 - SQL Injection via /admin/inquiries/view_inquiry.php id Parameter
CVSS 6.3
CVE-2023-2410 MEDIUM
AC Repair and Services System 1.0 - SQL Injection via /admin/bookings/view_booking.php id Parameter
CVSS 6.3
CVE-2023-2409 MEDIUM
AC Repair and Services System 1.0 - SQL Injection via /admin/services/view_service.php id Parameter
CVSS 6.3
CVE-2023-2408 MEDIUM
AC Repair and Services System 1.0 - SQL Injection via services/view.php id Parameter
CVSS 6.3
CVE-2023-26813 CRITICAL
wangmarket CMS 4.10 - SQL Injection
CVSS 9.8
CVE-2023-26781 CRITICAL
mccms 2.6 - SQL Injection via Reader Comments Search
CVSS 9.8
CVE-2023-2371 MEDIUM
SourceCodester Online DJ Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2370 MEDIUM
SourceCodester Online DJ Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2023-2369 MEDIUM
SourceCodester Faculty Evaluation System 1.0 - SQL Injection
CVSS 4.7
CVE-2023-2368 MEDIUM
SourceCodester Faculty Evaluation System 1.0 - SQL Injection
CVSS 4.7
Details
Vulnerabilities 19,772
Exploit Likelihood High